Difference between revisions of "FLOP:CVE Monitoring"

From Funtoo

@@ Line 90: / Line 90: @@
 Once a match is made, the <tt>cve-search</tt> collection and the portage package database (via {{package|app-portage/eix}}) can be combined to produce the data appropriate for a report.
-The correct pattern for this is probably a <tt>truth table</tt>, with the above exact matching algorithm one example of generalized predicates at are applied to each cve document in the cvedb. A table pairing packages and predicates can they be interpreted via custom logical operations to yields sets of the packages to consider for further discussion or immediate issue creation.
+This is meant to be human in the loop automation: we can just be spamming <tt>jira</tt>, and <tt>dev</tt>s must take ownership of issues.
 {{FLOPFooter}}
@@ Line 96: / Line 96: @@
 The <tt>cver</tt> tool is currently stateless: it takes some bytes and it makes some bytes. We should probably keep it that way. A disk cache of the LRU memo-ized python function <tt>eix_xml</tt> might be nice. It would have to be wiped when eix was updated, of course.
-== Example Output Fri 31 Jul 2020 02:49:59 PM EDT ==
+== Example Output Mon 10 Aug 2020 10:39:01 PM EDT ==
 Summary:
 -------
-CVE-2020-15953: net-libs/libetpan-1.9.3
+CVE-2020-15115: dev-db/etcd-3.3.12
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 10.00
 Description:
 -----------
-[07/27/2020]
+[08/06/2020]
-LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products,
+etcd before versions 3.3.23 and 3.4.10 does not perform any password length
-has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server
+validation, which allows for very short passwords, such as those with a length
-sends a "begin TLS" response, the client reads additional data (e.g., from a
+of one. This may allow an attacker to guess or brute-force users' passwords with
-meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response
+little computational effort.
-injection."
 CatPkg:
 ------
-net-libs/libetpan
+dev-db/etcd
 KitBranch:
 ---------
-net-kit/1.4-release
+dev-kit/1.4-release
 labels:
@@ Line 125: / Line 130: @@
 AffectsVersions:
 ---------------
-.9.3
+.3.12
 Facts:
 -----
-https://github.com/dinhvh/libetpan/issues/386
+https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
-https://security.gentoo.org/glsa/202007-55
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-12460: mail-filter/opendmarc-1.1.3
+CVE-2020-15113: dev-db/etcd-3.3.12
+Scores:
+------
+Impact: 4.94
+Ability to Exploit: 3.95
 Description:
 -----------
-[07/27/2020]
+[08/05/2020]
-OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null
+In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created
-termination in the function opendmarc_xml_parse that can result in a one-byte
+(etcd data directory and the directory path when provided to automatically
-heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate
+generate self-signed certificates for TLS connections with clients) with
-report. This can cause remote memory corruption when a '\0' byte overwrites the
+restricted access permissions (700) by using the os.MkdirAll. This function does
-heap metadata of the next chunk and its PREV_INUSE flag.
+not perform any permission checks when a given directory path exists already.
+A possible workaround is to ensure the directories have the desired permission
+(700).
 CatPkg:
 ------
-mail-filter/opendmarc
+dev-db/etcd
 KitBranch:
 ---------
-net-kit/1.4-release
+dev-kit/1.4-release
 labels:
@@ Line 160: / Line 173: @@
 AffectsVersions:
 ---------------
-.1.3
+.3.12
 Facts:
 -----
-https://github.com/trusteddomainproject/OpenDMARC/issues/64
+https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
-https://sourceforge.net/projects/opendmarc/
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15890: dev-lang/luajit-2.0.2
+CVE-2020-15114: dev-db/etcd-3.3.12
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
 Description:
 -----------
-[07/21/2020]
+[08/06/2020]
-LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
+In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP
-traversal is mishandled.
+proxy to allow for basic service discovery and access. However, it is possible
+to include the gateway address as an endpoint. This results in a denial of
+service, since the endpoint can become stuck in a loop of requesting itself
+until there are no more available file descriptors to accept connections on the
+gateway.
 CatPkg:
 ------
-dev-lang/luajit
+dev-db/etcd
 KitBranch:
 ---------
-lang-kit/1.4-release
+dev-kit/1.4-release
 labels:
@@ Line 192: / Line 215: @@
 AffectsVersions:
 ---------------
-.0.2
+.3.12
 Facts:
 -----
-https://github.com/LuaJIT/LuaJIT/issues/601
+https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
-https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15890: dev-lang/luajit-2.0.3
+CVE-2020-15115: dev-db/etcd-3.3.13
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 10.00
 Description:
 -----------
-[07/21/2020]
+[08/06/2020]
-LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
+etcd before versions 3.3.23 and 3.4.10 does not perform any password length
-traversal is mishandled.
+validation, which allows for very short passwords, such as those with a length
+of one. This may allow an attacker to guess or brute-force users' passwords with
+little computational effort.
 CatPkg:
 ------
-dev-lang/luajit
+dev-db/etcd
 KitBranch:
 ---------
-lang-kit/1.4-release
+dev-kit/1.4-release
 labels:
@@ Line 224: / Line 255: @@
 AffectsVersions:
 ---------------
-.0.3
+.3.13
 Facts:
 -----
-https://github.com/LuaJIT/LuaJIT/issues/601
+https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
-https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15890: dev-lang/luajit-2.0.4
+CVE-2020-15113: dev-db/etcd-3.3.13
+Scores:
+------
+Impact: 4.94
+Ability to Exploit: 3.95
 Description:
 -----------
-[07/21/2020]
+[08/05/2020]
-LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
+In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created
-traversal is mishandled.
+(etcd data directory and the directory path when provided to automatically
+generate self-signed certificates for TLS connections with clients) with
+restricted access permissions (700) by using the os.MkdirAll. This function does
+not perform any permission checks when a given directory path exists already.
+A possible workaround is to ensure the directories have the desired permission
+(700).
 CatPkg:
 ------
-dev-lang/luajit
+dev-db/etcd
 KitBranch:
 ---------
-lang-kit/1.4-release
+dev-kit/1.4-release
 labels:
@@ Line 256: / Line 298: @@
 AffectsVersions:
 ---------------
-.0.4
+.3.13
 Facts:
 -----
-https://github.com/LuaJIT/LuaJIT/issues/601
+https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
-https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15890: dev-lang/luajit-2.0.5
+CVE-2020-15114: dev-db/etcd-3.3.13
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
 Description:
 -----------
-[07/21/2020]
+[08/06/2020]
-LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
+In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP
-traversal is mishandled.
+proxy to allow for basic service discovery and access. However, it is possible
+to include the gateway address as an endpoint. This results in a denial of
+service, since the endpoint can become stuck in a loop of requesting itself
+until there are no more available file descriptors to accept connections on the
+gateway.
 CatPkg:
 ------
-dev-lang/luajit
+dev-db/etcd
 KitBranch:
 ---------
-lang-kit/1.4-release
+dev-kit/1.4-release
 labels:
@@ Line 288: / Line 340: @@
 AffectsVersions:
 ---------------
-.0.5
+.3.13
 Facts:
 -----
-https://github.com/LuaJIT/LuaJIT/issues/601
+https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
-https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-1776: www-apps/otrs-5.0.25
+CVE-2020-16117: gnome-extra/evolution-data-server-3.36.2
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 10.00
 Description:
 -----------
-[07/20/2020]
+[07/29/2020]
-When an agent user is renamed or set to invalid the session belonging to the
+In GNOME evolution-data-server before 3.35.91, a malicious server can
-user is keept active. The session can not be used to access ticket data in the
+crash the mail client with a NULL pointer dereference by sending an invalid
-case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+(e.g., minimal) CAPABILITY line on a connection attempt. This is related to
-and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
+imapx_free_capability and imapx_connect_to_server.
 CatPkg:
 ------
-www-apps/otrs
+gnome-extra/evolution-data-server
 KitBranch:
 ---------
-net-kit/1.4-release
+gnome-kit/3.36-prime
 labels:
@@ Line 322: / Line 380: @@
 AffectsVersions:
 ---------------
-.0.25
+.36.2
 Facts:
 -----
-https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5
+https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7
+https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
+https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-1776: www-apps/otrs-6.0.3
+CVE-2020-14928: gnome-extra/evolution-data-server-3.36.2
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
 -----------
-[07/20/2020]
+[07/17/2020]
-When an agent user is renamed or set to invalid the session belonging to the
+evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that
-user is keept active. The session can not be used to access ticket data in the
+affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads
-case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+additional data and evaluates it in a TLS context, aka "response injection."
-and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 CatPkg:
 ------
-www-apps/otrs
+gnome-extra/evolution-data-server
 KitBranch:
 ---------
-net-kit/1.4-release
+gnome-kit/3.36-prime
 labels:
@@ Line 355: / Line 422: @@
 AffectsVersions:
 ---------------
-.0.3
+.36.2
 Facts:
 -----
-https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+https://bugzilla.suse.com/show_bug.cgi?id=1173910
+https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
+https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac
+https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
+https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/
+https://security-tracker.debian.org/tracker/DLA-2281-1
+https://security-tracker.debian.org/tracker/DSA-4725-1
+https://usn.ubuntu.com/4429-1/
+https://www.debian.org/security/2020/dsa-4725
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-1776: www-apps/otrs-6.0.4
+CVE-2020-13699: net-misc/teamviewer-14.1.3399
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 8.59
 Description:
 -----------
-[07/20/2020]
+[07/29/2020]
-When an agent user is renamed or set to invalid the session belonging to the
+TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
-user is keept active. The session can not be used to access ticket data in the
+custom URI handlers. A malicious website could launch TeamViewer with arbitrary
-case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
-and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
+force a victim to send an NTLM authentication request and either relay the
+request or capture the hash for offline password cracking. This affects
+teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
+tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
+and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
+.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
 CatPkg:
 ------
-www-apps/otrs
+net-misc/teamviewer
 KitBranch:
@@ Line 388: / Line 476: @@
 AffectsVersions:
 ---------------
-.0.4
+.1.3399
 Facts:
 -----
-https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
+https://jeffs.sh/CVEs/CVE-2020-13699.txt
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-1776: www-apps/otrs-6.0.5
+CVE-2020-13699: net-misc/teamviewer-14.1.9025
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 8.59
 Description:
 -----------
-[07/20/2020]
+[07/29/2020]
-When an agent user is renamed or set to invalid the session belonging to the
+TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
-user is keept active. The session can not be used to access ticket data in the
+custom URI handlers. A malicious website could launch TeamViewer with arbitrary
-case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
-and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
+force a victim to send an NTLM authentication request and either relay the
+request or capture the hash for offline password cracking. This affects
+teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
+tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
+and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
+.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
 CatPkg:
 ------
-www-apps/otrs
+net-misc/teamviewer
 KitBranch:
@@ Line 421: / Line 522: @@
 AffectsVersions:
 ---------------
-.0.5
+.1.9025
 Facts:
 -----
-https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
+https://jeffs.sh/CVEs/CVE-2020-13699.txt
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-1776: www-apps/otrs-6.0.7
+CVE-2020-13699: net-misc/teamviewer-14.1.18533
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 8.59
 Description:
 -----------
-[07/20/2020]
+[07/29/2020]
-When an agent user is renamed or set to invalid the session belonging to the
+TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
-user is keept active. The session can not be used to access ticket data in the
+custom URI handlers. A malicious website could launch TeamViewer with arbitrary
-case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
-and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
+force a victim to send an NTLM authentication request and either relay the
+request or capture the hash for offline password cracking. This affects
+teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
+tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
+and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
+.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
 CatPkg:
 ------
-www-apps/otrs
+net-misc/teamviewer
 KitBranch:
@@ Line 454: / Line 568: @@
 AffectsVersions:
 ---------------
-.0.7
+.1.18533
 Facts:
 -----
-https://otrs.com/release-notes/otrs-security-advisory-2020-13/
+https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
+https://jeffs.sh/CVEs/CVE-2020-13699.txt
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-14928: gnome-extra/evolution-data-server-3.36.2
+CVE-2020-13699: net-misc/teamviewer-14.2.2558
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 8.59
 Description:
 -----------
-[07/17/2020]
+[07/29/2020]
-evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that
+TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
-affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads
+custom URI handlers. A malicious website could launch TeamViewer with arbitrary
-additional data and evaluates it in a TLS context, aka "response injection."
+parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
+force a victim to send an NTLM authentication request and either relay the
+request or capture the hash for offline password cracking. This affects
+teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
+tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
+and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
+.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
 CatPkg:
 ------
-gnome-extra/evolution-data-server
+net-misc/teamviewer
 KitBranch:
 ---------
-gnome-kit/3.36-prime
+net-kit/1.4-release
 labels:
@@ Line 486: / Line 614: @@
 AffectsVersions:
 ---------------
-.36.2
+.2.2558
 Facts:
 -----
-https://bugzilla.suse.com/show_bug.cgi?id=1173910
+https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
-https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
+https://jeffs.sh/CVEs/CVE-2020-13699.txt
-https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac
-https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
-https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html
-https://security-tracker.debian.org/tracker/DLA-2281-1
-https://security-tracker.debian.org/tracker/DSA-4725-1
-https://usn.ubuntu.com/4429-1/
-https://www.debian.org/security/2020/dsa-4725
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15852: app-emulation/xen-4.10.3-r1
+CVE-2020-13699: net-misc/teamviewer-14.2.8352
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 8.59
 Description:
 -----------
-[07/20/2020]
+[07/29/2020]
-An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
+TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
-Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
+custom URI handlers. A malicious website could launch TeamViewer with arbitrary
-permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
+parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
-mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
+force a victim to send an NTLM authentication request and either relay the
-Xen, aka CID-cadfad870154.
+request or capture the hash for offline password cracking. This affects
+teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
+tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
+and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
+.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
 CatPkg:
 ------
-app-emulation/xen
+net-misc/teamviewer
 KitBranch:
 ---------
-nokit/1.4-release
+net-kit/1.4-release
 labels:
@@ Line 528: / Line 660: @@
 AffectsVersions:
 ---------------
-.10.3-r1
+.2.8352
 Facts:
 -----
-http://www.openwall.com/lists/oss-security/2020/07/21/2
+https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
-http://xenbits.xen.org/xsa/advisory-329.html
+https://jeffs.sh/CVEs/CVE-2020-13699.txt
-https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
-https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15852: app-emulation/xen-4.11.1-r3
+CVE-2020-12460: mail-filter/opendmarc-1.1.3
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 10.00
 Description:
 -----------
-[07/20/2020]
+[07/27/2020]
-An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
+OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null
-Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
+termination in the function opendmarc_xml_parse that can result in a one-byte
-permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
+heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate
-mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
+report. This can cause remote memory corruption when a '\0' byte overwrites the
-Xen, aka CID-cadfad870154.
+heap metadata of the next chunk and its PREV_INUSE flag.
 CatPkg:
 ------
-app-emulation/xen
+mail-filter/opendmarc
 KitBranch:
 ---------
-nokit/1.4-release
+net-kit/1.4-release
 labels:
@@ Line 565: / Line 702: @@
 AffectsVersions:
 ---------------
-.11.1-r3
+.1.3
 Facts:
 -----
-http://www.openwall.com/lists/oss-security/2020/07/21/2
+https://github.com/trusteddomainproject/OpenDMARC/issues/64
-http://xenbits.xen.org/xsa/advisory-329.html
+https://sourceforge.net/projects/opendmarc/
-https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
-https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15852: app-emulation/xen-4.12.0-r1
+CVE-2020-15953: net-libs/libetpan-1.9.3
+Scores:
+------
+Impact: 4.94
+Ability to Exploit: 8.59
 Description:
 -----------
-[07/20/2020]
+[07/27/2020]
-An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
+LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products,
-Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
+has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server
-permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
+sends a "begin TLS" response, the client reads additional data (e.g., from a
-mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
+meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response
-Xen, aka CID-cadfad870154.
+injection."
 CatPkg:
 ------
-app-emulation/xen
+net-libs/libetpan
 KitBranch:
 ---------
-nokit/1.4-release
+net-kit/1.4-release
 labels:
@@ Line 602: / Line 744: @@
 AffectsVersions:
 ---------------
-.12.0-r1
+.9.3
 Facts:
 -----
-http://www.openwall.com/lists/oss-security/2020/07/21/2
+https://github.com/dinhvh/libetpan/issues/386
-http://xenbits.xen.org/xsa/advisory-329.html
+https://security.gentoo.org/glsa/202007-55
-https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
-https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15121: dev-util/radare2-3.4.1
+CVE-2020-1776: www-apps/otrs-5.0.25
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
 Description:
 -----------
 [07/20/2020]
-In radare2 before version 4.5.0, malformed PDB file names in the PDB server
+When an agent user is renamed or set to invalid the session belonging to the
-path cause shell injection. To trigger the problem it's required to open the
+user is keept active. The session can not be used to access ticket data in the
-executable in radare2 and run idpd to trigger the download. The shell code will
+case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
-execute, and will create a file called pwned in the current directory.
+and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 CatPkg:
 ------
-dev-util/radare2
+www-apps/otrs
 KitBranch:
 ---------
-dev-kit/1.4-release
+net-kit/1.4-release
 labels:
@@ Line 638: / Line 785: @@
 AffectsVersions:
 ---------------
-.4.1
+.0.25
 Facts:
 -----
-https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
+https://otrs.com/release-notes/otrs-security-advisory-2020-13/
-https://github.com/radareorg/radare2/issues/16945
-https://github.com/radareorg/radare2/pull/16966
-https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15121: dev-util/radare2-3.5.0
+CVE-2020-1776: www-apps/otrs-6.0.3
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
 Description:
 -----------
 [07/20/2020]
-In radare2 before version 4.5.0, malformed PDB file names in the PDB server
+When an agent user is renamed or set to invalid the session belonging to the
-path cause shell injection. To trigger the problem it's required to open the
+user is keept active. The session can not be used to access ticket data in the
-executable in radare2 and run idpd to trigger the download. The shell code will
+case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
-execute, and will create a file called pwned in the current directory.
+and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 CatPkg:
 ------
-dev-util/radare2
+www-apps/otrs
 KitBranch:
 ---------
-dev-kit/1.4-release
+net-kit/1.4-release
 labels:
@@ Line 674: / Line 825: @@
 AffectsVersions:
 ---------------
-.5.0
+.0.3
 Facts:
 -----
-https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
+https://otrs.com/release-notes/otrs-security-advisory-2020-13/
-https://github.com/radareorg/radare2/issues/16945
-https://github.com/radareorg/radare2/pull/16966
-https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15121: dev-util/radare2-3.5.1
+CVE-2020-1776: www-apps/otrs-6.0.4
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
 Description:
 -----------
 [07/20/2020]
-In radare2 before version 4.5.0, malformed PDB file names in the PDB server
+When an agent user is renamed or set to invalid the session belonging to the
-path cause shell injection. To trigger the problem it's required to open the
+user is keept active. The session can not be used to access ticket data in the
-executable in radare2 and run idpd to trigger the download. The shell code will
+case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
-execute, and will create a file called pwned in the current directory.
+and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 CatPkg:
 ------
-dev-util/radare2
+www-apps/otrs
 KitBranch:
 ---------
-dev-kit/1.4-release
+net-kit/1.4-release
 labels:
@@ Line 710: / Line 865: @@
 AffectsVersions:
 ---------------
-.5.1
+.0.4
 Facts:
 -----
-https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
+https://otrs.com/release-notes/otrs-security-advisory-2020-13/
-https://github.com/radareorg/radare2/issues/16945
-https://github.com/radareorg/radare2/pull/16966
-https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-14001: dev-ruby/kramdown-1.17.0
+CVE-2020-1776: www-apps/otrs-6.0.5
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
 Description:
 -----------
-[07/17/2020]
+[07/20/2020]
-The kramdown gem before 2.3.0 for Ruby processes the template option inside
+When an agent user is renamed or set to invalid the session belonging to the
-Kramdown documents by default, which allows unintended read access (such as
+user is keept active. The session can not be used to access ticket data in the
-template="/etc/passwd") or unintended embedded Ruby code execution (such as a
+case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
-string that begins with template="string://<%= `). NOTE: kramdown is used in
+and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
-Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
 CatPkg:
 ------
-dev-ruby/kramdown
+www-apps/otrs
 KitBranch:
 ---------
-ruby-kit/2.6-prime
+net-kit/1.4-release
 labels:
@@ Line 747: / Line 905: @@
 AffectsVersions:
 ---------------
-.17.0
+.0.5
 Facts:
 -----
-https://github.com/gettalong/kramdown
+https://otrs.com/release-notes/otrs-security-advisory-2020-13/
-https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
-https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0
-https://kramdown.gettalong.org
-https://kramdown.gettalong.org/news.html
-https://rubygems.org/gems/kramdown
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15586: dev-lang/go-1.12.17
+CVE-2020-1776: www-apps/otrs-6.0.7
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
 Description:
 -----------
-[07/17/2020]
+[07/20/2020]
-Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http
+When an agent user is renamed or set to invalid the session belonging to the
-servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads
+user is keept active. The session can not be used to access ticket data in the
-a request body and writes a response at the same time.
+case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
+and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 CatPkg:
 ------
-dev-lang/go
+www-apps/otrs
 KitBranch:
 ---------
-lang-kit/1.4-release
+net-kit/1.4-release
 labels:
@@ Line 784: / Line 945: @@
 AffectsVersions:
 ---------------
-.12.17
+.0.7
 Facts:
 -----
-http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
+https://otrs.com/release-notes/otrs-security-advisory-2020-13/
-http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
-https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g
+--------------------------------------------------------------------------------
-https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
+--------------------------------------------------------------------------------
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/
-https://www.cloudfoundry.org/blog/cve-2020-15586/
 Summary:
 -------
-CVE-2020-14039: dev-lang/go-1.12.17
+CVE-2020-15852: app-emulation/xen-4.10.3-r1
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 3.95
 Description:
 -----------
-[07/17/2020]
+[07/20/2020]
-In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a
+An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
-check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots
+Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
-equals nil and the installation is on Windows). Thus, X.509 certificate
+permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
-verification is incomplete.
+mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
+Xen, aka CID-cadfad870154.
 CatPkg:
 ------
-dev-lang/go
+app-emulation/xen
 KitBranch:
 ---------
-lang-kit/1.4-release
+nokit/1.4-release
 labels:
@@ Line 823: / Line 986: @@
 AffectsVersions:
 ---------------
-.12.17
+.10.3-r1
 Facts:
 -----
-http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
+http://www.openwall.com/lists/oss-security/2020/07/21/2
-http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
+http://xenbits.xen.org/xsa/advisory-329.html
-https://groups.google.com/forum/#!forum/golang-announce
+https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
-https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
+https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-2.2.16
+CVE-2020-15852: app-emulation/xen-4.11.1-r3
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 3.95
 Description:
 -----------
-[07/17/2020]
+[07/20/2020]
-Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
-.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
+permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
+mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
+Xen, aka CID-cadfad870154.
 CatPkg:
 ------
-net-analyzer/zabbix
+app-emulation/xen
 KitBranch:
 ---------
-net-kit/1.4-release
+nokit/1.4-release
 labels:
@@ Line 857: / Line 1,030: @@
 AffectsVersions:
 ---------------
-.2.16
+.11.1-r3
 Facts:
 -----
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+http://www.openwall.com/lists/oss-security/2020/07/21/2
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+http://xenbits.xen.org/xsa/advisory-329.html
-https://support.zabbix.com/browse/ZBX-18057
+https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
+https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-2.2.16
+CVE-2020-15852: app-emulation/xen-4.12.0-r1
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 3.95
 Description:
 -----------
-[07/17/2020]
+[07/20/2020]
-Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
-.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
+permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
+mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
+Xen, aka CID-cadfad870154.
 CatPkg:
 ------
-net-analyzer/zabbix
+app-emulation/xen
 KitBranch:
 ---------
-net-kit/1.4-release
+nokit/1.4-release
 labels:
@@ Line 890: / Line 1,074: @@
 AffectsVersions:
 ---------------
-.2.16
+.12.0-r1
 Facts:
 -----
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+http://www.openwall.com/lists/oss-security/2020/07/21/2
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+http://xenbits.xen.org/xsa/advisory-329.html
-https://support.zabbix.com/browse/ZBX-18057
+https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
+https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-2.2.16
+CVE-2020-15121: dev-util/radare2-3.4.1
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 8.59
 Description:
 -----------
-[07/17/2020]
+[07/20/2020]
-Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+In radare2 before version 4.5.0, malformed PDB file names in the PDB server
-.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+path cause shell injection. To trigger the problem it's required to open the
+executable in radare2 and run idpd to trigger the download. The shell code will
+execute, and will create a file called pwned in the current directory.
 CatPkg:
 ------
-net-analyzer/zabbix
+dev-util/radare2
 KitBranch:
 ---------
-net-kit/1.4-release
+dev-kit/1.4-release
 labels:
@@ Line 923: / Line 1,117: @@
 AffectsVersions:
 ---------------
-.2.16
+.4.1
 Facts:
 -----
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+https://github.com/radareorg/radare2/issues/16945
-https://support.zabbix.com/browse/ZBX-18057
+https://github.com/radareorg/radare2/pull/16966
+https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-2.2.21
+CVE-2020-15121: dev-util/radare2-3.5.0
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 8.59
 Description:
 -----------
-[07/17/2020]
+[07/20/2020]
-Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+In radare2 before version 4.5.0, malformed PDB file names in the PDB server
-.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+path cause shell injection. To trigger the problem it's required to open the
+executable in radare2 and run idpd to trigger the download. The shell code will
+execute, and will create a file called pwned in the current directory.
 CatPkg:
 ------
-net-analyzer/zabbix
+dev-util/radare2
 KitBranch:
 ---------
-net-kit/1.4-release
+dev-kit/1.4-release
 labels:
@@ Line 956: / Line 1,162: @@
 AffectsVersions:
 ---------------
-.2.21
+.5.0
 Facts:
 -----
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+https://github.com/radareorg/radare2/issues/16945
-https://support.zabbix.com/browse/ZBX-18057
+https://github.com/radareorg/radare2/pull/16966
+https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-2.2.21
+CVE-2020-15121: dev-util/radare2-3.5.1
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 8.59
 Description:
 -----------
-[07/17/2020]
+[07/20/2020]
-Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+In radare2 before version 4.5.0, malformed PDB file names in the PDB server
-.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+path cause shell injection. To trigger the problem it's required to open the
+executable in radare2 and run idpd to trigger the download. The shell code will
+execute, and will create a file called pwned in the current directory.
 CatPkg:
 ------
-net-analyzer/zabbix
+dev-util/radare2
 KitBranch:
 ---------
-net-kit/1.4-release
+dev-kit/1.4-release
 labels:
@@ Line 989: / Line 1,207: @@
 AffectsVersions:
 ---------------
-.2.21
+.5.1
 Facts:
 -----
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+https://github.com/radareorg/radare2/issues/16945
-https://support.zabbix.com/browse/ZBX-18057
+https://github.com/radareorg/radare2/pull/16966
+https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-2.2.21
+CVE-2020-14001: dev-ruby/kramdown-1.17.0
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: 10.00
 Description:
 -----------
 [07/17/2020]
-Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+The kramdown gem before 2.3.0 for Ruby processes the template option inside
-.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+Kramdown documents by default, which allows unintended read access (such as
+template="/etc/passwd") or unintended embedded Ruby code execution (such as a
+string that begins with template="string://<%= `). NOTE: kramdown is used in
+Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
 CatPkg:
 ------
-net-analyzer/zabbix
+dev-ruby/kramdown
 KitBranch:
 ---------
-net-kit/1.4-release
+ruby-kit/2.6-prime
 labels:
@@ Line 1,022: / Line 1,253: @@
 AffectsVersions:
 ---------------
-.2.21
+.17.0
 Facts:
 -----
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+https://github.com/gettalong/kramdown
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
-https://support.zabbix.com/browse/ZBX-18057
+https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0
+https://kramdown.gettalong.org
+https://kramdown.gettalong.org/news.html
+https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2@%3Cnotifications.fluo.apache.org%3E
+https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html
+https://rubygems.org/gems/kramdown
+https://security.netapp.com/advisory/ntap-20200731-0004/
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-2.2.21
+CVE-2020-15586: dev-lang/go-1.12.17
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
 -----------
 [07/17/2020]
-Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http
-.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads
+a request body and writes a response at the same time.
 CatPkg:
 ------
-net-analyzer/zabbix
+dev-lang/go
 KitBranch:
 ---------
-net-kit/1.4-release
+lang-kit/1.4-release
 labels:
@@ Line 1,055: / Line 1,300: @@
 AffectsVersions:
 ---------------
-.2.21
+.12.17
 Facts:
 -----
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
-https://support.zabbix.com/browse/ZBX-18057
+https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g
+https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/
+https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/
+https://security.netapp.com/advisory/ntap-20200731-0005/
+https://www.cloudfoundry.org/blog/cve-2020-15586/
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-2.2.23
+CVE-2020-14039: dev-lang/go-1.12.17
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 10.00
 Description:
 -----------
 [07/17/2020]
-Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a
-.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots
+equals nil and the installation is on Windows). Thus, X.509 certificate
+verification is incomplete.
 CatPkg:
 ------
-net-analyzer/zabbix
+dev-lang/go
 KitBranch:
 ---------
-net-kit/1.4-release
+lang-kit/1.4-release
 labels:
@@ Line 1,088: / Line 1,347: @@
 AffectsVersions:
 ---------------
-.2.23
+.12.17
 Facts:
 -----
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
-https://support.zabbix.com/browse/ZBX-18057
+https://groups.google.com/forum/#!forum/golang-announce
+https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
+https://security.netapp.com/advisory/ntap-20200731-0005/
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-2.2.23
+CVE-2020-15803: net-analyzer/zabbix-2.2.16
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,121: / Line 1,389: @@
 AffectsVersions:
 ---------------
-.2.23
+.2.16
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-2.2.23
+CVE-2020-15803: net-analyzer/zabbix-2.2.16
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,154: / Line 1,430: @@
 AffectsVersions:
 ---------------
-.2.23
+.2.16
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-3.0.26
+CVE-2020-15803: net-analyzer/zabbix-2.2.21
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,187: / Line 1,471: @@
 AffectsVersions:
 ---------------
-.0.26
+.2.21
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-3.0.26
+CVE-2020-15803: net-analyzer/zabbix-2.2.21
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,220: / Line 1,512: @@
 AffectsVersions:
 ---------------
-.0.26
+.2.21
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-3.0.26
+CVE-2020-15803: net-analyzer/zabbix-2.2.21
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,253: / Line 1,553: @@
 AffectsVersions:
 ---------------
-.0.26
+.2.21
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-4.0.6
+CVE-2020-15803: net-analyzer/zabbix-2.2.23
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,286: / Line 1,594: @@
 AffectsVersions:
 ---------------
-.0.6
+.2.23
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-4.0.6
+CVE-2020-15803: net-analyzer/zabbix-2.2.23
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,319: / Line 1,635: @@
 AffectsVersions:
 ---------------
-.0.6
+.2.23
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-4.0.6
+CVE-2020-15803: net-analyzer/zabbix-3.0.26
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,352: / Line 1,676: @@
 AffectsVersions:
 ---------------
-.0.6
+.0.26
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-4.0.6
+CVE-2020-15803: net-analyzer/zabbix-3.0.26
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,385: / Line 1,717: @@
 AffectsVersions:
 ---------------
-.0.6
+.0.26
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-4.0.7
+CVE-2020-15803: net-analyzer/zabbix-4.0.6
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,418: / Line 1,758: @@
 AffectsVersions:
 ---------------
-.0.7
+.0.6
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-4.0.7
+CVE-2020-15803: net-analyzer/zabbix-4.0.6
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,451: / Line 1,799: @@
 AffectsVersions:
 ---------------
-.0.7
+.0.6
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-4.0.7
+CVE-2020-15803: net-analyzer/zabbix-4.0.6
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,484: / Line 1,840: @@
 AffectsVersions:
 ---------------
-.0.7
+.0.6
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-4.0.9
+CVE-2020-15803: net-analyzer/zabbix-4.0.7
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,517: / Line 1,881: @@
 AffectsVersions:
 ---------------
-.0.9
+.0.7
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-4.0.9
+CVE-2020-15803: net-analyzer/zabbix-4.0.7
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,550: / Line 1,922: @@
 AffectsVersions:
 ---------------
-.0.9
+.0.7
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-3.2.11
+CVE-2020-15803: net-analyzer/zabbix-4.0.9
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: 8.59
 Description:
@@ Line 1,583: / Line 1,963: @@
 AffectsVersions:
 ---------------
-.2.11
+.0.9
 Facts:
 -----
+https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
 https://support.zabbix.com/browse/ZBX-18057
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-3.4.15
+CVE-2020-15117: x11-misc/synergy-1.9.1
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
 Description:
 -----------
-[07/17/2020]
+[07/15/2020]
-Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+In Synergy before version 1.12.0, a Synergy server can be crashed by receiving
-.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295)
+if the servers memory is less than 4 GB. It was verified that this issue does
+not cause a crash through the exception handler if the available memory of the
+Server is more than 4GB.
+CatPkg:
+------
+x11-misc/synergy
+KitBranch:
+---------
+desktop-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.9.1
+Facts:
+-----
+https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
+https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14702: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Security: Privileges). Supported versions that are affected are
+.0.20 and prior. Easily exploitable vulnerability allows high privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 CatPkg:
 ------
-net-analyzer/zabbix
+dev-db/mysql
 KitBranch:
 ---------
-net-kit/1.4-release
+core-server-kit/1.4-release
 labels:
@@ Line 1,616: / Line 2,052: @@
 AffectsVersions:
 ---------------
-.4.15
+.5.61
 Facts:
 -----
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+https://security.netapp.com/advisory/ntap-20200717-0004/
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+https://usn.ubuntu.com/4441-1/
-https://support.zabbix.com/browse/ZBX-18057
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
 Summary:
 -------
-CVE-2020-15803: net-analyzer/zabbix-4.2.3
+CVE-2020-14651: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 4.94
+Ability to Exploit: _
 Description:
 -----------
-[07/17/2020]
+[07/15/2020]
-Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
-.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
+Security: Roles). Supported versions that are affected are 8.0.20 and prior.
+Easily exploitable vulnerability allows high privileged attacker with network
+access via multiple protocols to compromise MySQL Server. Successful attacks
+of this vulnerability can result in unauthorized ability to cause a hang
+or frequently repeatable crash (complete DOS) of MySQL Server as well as
+unauthorized update, insert or delete access to some of MySQL Server accessible
+data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 CatPkg:
 ------
-net-analyzer/zabbix
+dev-db/mysql
 KitBranch:
 ---------
-net-kit/1.4-release
+core-server-kit/1.4-release
 labels:
@@ Line 1,649: / Line 2,099: @@
 AffectsVersions:
 ---------------
-.2.3
+.5.61
 Facts:
 -----
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
+https://security.netapp.com/advisory/ntap-20200717-0004/
-https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
+https://usn.ubuntu.com/4441-1/
-https://support.zabbix.com/browse/ZBX-18057
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14663: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Privileges). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker with
+network access via multiple protocols to compromise MySQL Server. Successful
+attacks of this vulnerability can result in takeover of MySQL Server. CVSS
+.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
+Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14624: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: JSON). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14697: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Privileges). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker with
+network access via multiple protocols to compromise MySQL Server. Successful
+attacks of this vulnerability can result in takeover of MySQL Server. CVSS
+.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
+Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14643: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 4.94
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Roles). Supported versions that are affected are 8.0.20 and prior.
+Easily exploitable vulnerability allows high privileged attacker with network
+access via multiple protocols to compromise MySQL Server. Successful attacks
+of this vulnerability can result in unauthorized ability to cause a hang
+or frequently repeatable crash (complete DOS) of MySQL Server as well as
+unauthorized update, insert or delete access to some of MySQL Server accessible
+data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14656: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Locking). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14623: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
+Supported versions that are affected are 8.0.20 and prior. Easily exploitable
+vulnerability allows high privileged attacker with network access via multiple
+protocols to compromise MySQL Server. Successful attacks of this vulnerability
+can result in unauthorized ability to cause a hang or frequently repeatable
+crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
+impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14680: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows low privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14631: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Security: Audit). Supported versions that are affected are 8.0.20
+and prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14654: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14620: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: DML). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14678: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Privileges). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker with
+network access via multiple protocols to compromise MySQL Server. Successful
+attacks of this vulnerability can result in takeover of MySQL Server. CVSS
+.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
+Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14619: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Parser). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows low privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14597: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14576: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: UDF). Supported versions that are affected are 5.7.30 and prior and
+.0.20 and prior. Easily exploitable vulnerability allows low privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14575: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: DML). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14614: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14591: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Audit Plug-in). Supported versions that are affected are 8.0.20
+and prior. Easily exploitable vulnerability allows low privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14568: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
+Supported versions that are affected are 8.0.20 and prior. Easily exploitable
+vulnerability allows high privileged attacker with network access via multiple
+protocols to compromise MySQL Server. Successful attacks of this vulnerability
+can result in unauthorized ability to cause a hang or frequently repeatable
+crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
+impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14586: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Security: Privileges). Supported versions that are affected are
+.0.20 and prior. Easily exploitable vulnerability allows high privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14567: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Replication). Supported versions that are affected are 5.7.29 and prior and
+.0.19 and prior. Easily exploitable vulnerability allows high privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14559: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Information Schema). Supported versions that are affected are 5.6.48 and
+prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
+allows low privileged attacker with network access via multiple protocols
+to compromise MySQL Server. Successful attacks of this vulnerability can
+result in unauthorized read access to a subset of MySQL Server accessible
+data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14553: dev-db/mysql-5.5.61
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Pluggable Auth). Supported versions that are affected are 5.7.30
+and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
+low privileged attacker with network access via multiple protocols to
+compromise MySQL Server. Successful attacks of this vulnerability can result
+in unauthorized update, insert or delete access to some of MySQL Server
+accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.61
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14702: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Security: Privileges). Supported versions that are affected are
+.0.20 and prior. Easily exploitable vulnerability allows high privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14651: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 4.94
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Roles). Supported versions that are affected are 8.0.20 and prior.
+Easily exploitable vulnerability allows high privileged attacker with network
+access via multiple protocols to compromise MySQL Server. Successful attacks
+of this vulnerability can result in unauthorized ability to cause a hang
+or frequently repeatable crash (complete DOS) of MySQL Server as well as
+unauthorized update, insert or delete access to some of MySQL Server accessible
+data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14663: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Privileges). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker with
+network access via multiple protocols to compromise MySQL Server. Successful
+attacks of this vulnerability can result in takeover of MySQL Server. CVSS
+.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
+Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14624: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: JSON). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14697: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Privileges). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker with
+network access via multiple protocols to compromise MySQL Server. Successful
+attacks of this vulnerability can result in takeover of MySQL Server. CVSS
+.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
+Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14643: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 4.94
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Roles). Supported versions that are affected are 8.0.20 and prior.
+Easily exploitable vulnerability allows high privileged attacker with network
+access via multiple protocols to compromise MySQL Server. Successful attacks
+of this vulnerability can result in unauthorized ability to cause a hang
+or frequently repeatable crash (complete DOS) of MySQL Server as well as
+unauthorized update, insert or delete access to some of MySQL Server accessible
+data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14656: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Locking). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14623: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
+Supported versions that are affected are 8.0.20 and prior. Easily exploitable
+vulnerability allows high privileged attacker with network access via multiple
+protocols to compromise MySQL Server. Successful attacks of this vulnerability
+can result in unauthorized ability to cause a hang or frequently repeatable
+crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
+impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14631: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Security: Audit). Supported versions that are affected are 8.0.20
+and prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14680: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows low privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14654: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14620: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: DML). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14678: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Privileges). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker with
+network access via multiple protocols to compromise MySQL Server. Successful
+attacks of this vulnerability can result in takeover of MySQL Server. CVSS
+.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
+Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14619: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Parser). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows low privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14597: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14576: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: UDF). Supported versions that are affected are 5.7.30 and prior and
+.0.20 and prior. Easily exploitable vulnerability allows low privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14575: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: DML). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14614: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14591: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Audit Plug-in). Supported versions that are affected are 8.0.20
+and prior. Easily exploitable vulnerability allows low privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14568: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
+Supported versions that are affected are 8.0.20 and prior. Easily exploitable
+vulnerability allows high privileged attacker with network access via multiple
+protocols to compromise MySQL Server. Successful attacks of this vulnerability
+can result in unauthorized ability to cause a hang or frequently repeatable
+crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
+impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14586: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Security: Privileges). Supported versions that are affected are
+.0.20 and prior. Easily exploitable vulnerability allows high privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14567: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Replication). Supported versions that are affected are 5.7.29 and prior and
+.0.19 and prior. Easily exploitable vulnerability allows high privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14559: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Information Schema). Supported versions that are affected are 5.6.48 and
+prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
+allows low privileged attacker with network access via multiple protocols
+to compromise MySQL Server. Successful attacks of this vulnerability can
+result in unauthorized read access to a subset of MySQL Server accessible
+data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14553: dev-db/mysql-5.5.62
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Pluggable Auth). Supported versions that are affected are 5.7.30
+and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
+low privileged attacker with network access via multiple protocols to
+compromise MySQL Server. Successful attacks of this vulnerability can result
+in unauthorized update, insert or delete access to some of MySQL Server
+accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.5.62
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14702: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Security: Privileges). Supported versions that are affected are
+.0.20 and prior. Easily exploitable vulnerability allows high privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14651: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 4.94
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Roles). Supported versions that are affected are 8.0.20 and prior.
+Easily exploitable vulnerability allows high privileged attacker with network
+access via multiple protocols to compromise MySQL Server. Successful attacks
+of this vulnerability can result in unauthorized ability to cause a hang
+or frequently repeatable crash (complete DOS) of MySQL Server as well as
+unauthorized update, insert or delete access to some of MySQL Server accessible
+data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14663: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Privileges). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker with
+network access via multiple protocols to compromise MySQL Server. Successful
+attacks of this vulnerability can result in takeover of MySQL Server. CVSS
+.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
+Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14624: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: JSON). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14697: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Privileges). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker with
+network access via multiple protocols to compromise MySQL Server. Successful
+attacks of this vulnerability can result in takeover of MySQL Server. CVSS
+.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
+Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14643: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 4.94
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Roles). Supported versions that are affected are 8.0.20 and prior.
+Easily exploitable vulnerability allows high privileged attacker with network
+access via multiple protocols to compromise MySQL Server. Successful attacks
+of this vulnerability can result in unauthorized ability to cause a hang
+or frequently repeatable crash (complete DOS) of MySQL Server as well as
+unauthorized update, insert or delete access to some of MySQL Server accessible
+data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14656: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Locking). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14623: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
+Supported versions that are affected are 8.0.20 and prior. Easily exploitable
+vulnerability allows high privileged attacker with network access via multiple
+protocols to compromise MySQL Server. Successful attacks of this vulnerability
+can result in unauthorized ability to cause a hang or frequently repeatable
+crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
+impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14631: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Security: Audit). Supported versions that are affected are 8.0.20
+and prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14680: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows low privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14654: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14620: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: DML). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14678: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 6.44
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Security: Privileges). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker with
+network access via multiple protocols to compromise MySQL Server. Successful
+attacks of this vulnerability can result in takeover of MySQL Server. CVSS
+.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
+Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14619: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Parser). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows low privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14597: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14576: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: UDF). Supported versions that are affected are 5.7.30 and prior and
+.0.20 and prior. Easily exploitable vulnerability allows low privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14614: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Optimizer). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14575: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: DML). Supported versions that are affected are 8.0.20 and
+prior. Easily exploitable vulnerability allows high privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14591: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Audit Plug-in). Supported versions that are affected are 8.0.20
+and prior. Easily exploitable vulnerability allows low privileged attacker
+with network access via multiple protocols to compromise MySQL Server.
+Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14568: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
+Supported versions that are affected are 8.0.20 and prior. Easily exploitable
+vulnerability allows high privileged attacker with network access via multiple
+protocols to compromise MySQL Server. Successful attacks of this vulnerability
+can result in unauthorized ability to cause a hang or frequently repeatable
+crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
+impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14586: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component:
+Server: Security: Privileges). Supported versions that are affected are
+.0.20 and prior. Easily exploitable vulnerability allows high privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14567: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Replication). Supported versions that are affected are 5.7.29 and prior and
+.0.19 and prior. Easily exploitable vulnerability allows high privileged
+attacker with network access via multiple protocols to compromise MySQL
+Server. Successful attacks of this vulnerability can result in unauthorized
+ability to cause a hang or frequently repeatable crash (complete DOS) of
+MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14559: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------
+[07/15/2020]
+Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
+Information Schema). Supported versions that are affected are 5.6.48 and
+prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
+allows low privileged attacker with network access via multiple protocols
+to compromise MySQL Server. Successful attacks of this vulnerability can
+result in unauthorized read access to a subset of MySQL Server accessible
+data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
+(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
+CatPkg:
+------
+dev-db/mysql
+KitBranch:
+---------
+core-server-kit/1.4-release
+labels:
+------
+security
+AffectsVersions:
+---------------
+.6.42
+Facts:
+-----
+https://security.netapp.com/advisory/ntap-20200717-0004/
+https://usn.ubuntu.com/4441-1/
+https://www.oracle.com/security-alerts/cpujul2020.html
+--------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
+Summary:
+-------
+CVE-2020-14553: dev-db/mysql-5.6.42
+Scores:
+------
+Impact: 2.86
+Ability to Exploit: _
+Description:
+-----------