ISHACK AI BOT

Oracle WebLogic: CVE-2024-22262 : Critical Patch Update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/16/2024 Created 07/27/2024 Added 07/25/2024 Modified 07/25/2024 Description Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to aopen redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same asCVE-2024-22259 https://spring.io/security/cve-2024-22259 andCVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input. Solution(s) oracle-weblogic-jul-2024-cpu-12_2_1_4_0 oracle-weblogic-jul-2024-cpu-14_1_1_0_0 References https://attackerkb.com/topics/cve-2024-22262 CVE - 2024-22262 http://www.oracle.com/security-alerts/cpujul2024.html https://support.oracle.com/rs?type=doc&id=3030266.2

Oracle E-Business Suite: CVE-2024-21021: Critical Patch Update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 05/06/2024 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21021 CVE - 2024-21021 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21023: Critical Patch Update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21023 CVE - 2024-21023 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21025: Critical Patch Update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21025 CVE - 2024-21025 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21026: Critical Patch Update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21026 CVE - 2024-21026 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21027: Critical Patch Update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21027 CVE - 2024-21027 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21048: Critical Patch Update Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: XML input).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.Successful attacks of this vulnerability can result inunauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21048 CVE - 2024-21048 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21046: Critical Patch Update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21046 CVE - 2024-21046 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21043: Critical Patch Update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21043 CVE - 2024-21043 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21041: Critical Patch Update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21041 CVE - 2024-21041 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21034: Critical Patch Update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 05/06/2024 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21034 CVE - 2024-21034 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-20990: Critical Patch Update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Templates).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology.Successful attacks of this vulnerability can result inunauthorized read access to a subset of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-20990 CVE - 2024-20990 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21018: Critical Patch Update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21018 CVE - 2024-21018 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21032: Critical Patch Update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well asunauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21032 CVE - 2024-21032 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21076: Critical Patch Update Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV).Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management.Successful attacks of this vulnerability can result inunauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21076 CVE - 2024-21076 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle E-Business Suite: CVE-2024-21080: Critical Patch Update Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 04/16/2024 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services).Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework.Successful attacks of this vulnerability can result inunauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Solution(s) oracle-ebs-apr-2024-cpu-12_2 References https://attackerkb.com/topics/cve-2024-21080 CVE - 2024-21080 https://support.oracle.com/epmos/faces/DocumentDisplay?id=3007752.1 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle MySQL Vulnerability: CVE-2024-21053 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/16/2024 Created 05/13/2024 Added 05/10/2024 Modified 05/10/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21053 CVE - 2024-21053

Alma Linux: CVE-2022-24805: Moderate: net-snmp security update (ALSA-2024-7260) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 04/16/2024 Created 10/01/2024 Added 09/30/2024 Modified 01/28/2025 Description net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. Solution(s) alma-upgrade-net-snmp alma-upgrade-net-snmp-agent-libs alma-upgrade-net-snmp-devel alma-upgrade-net-snmp-libs alma-upgrade-net-snmp-perl alma-upgrade-net-snmp-utils alma-upgrade-python3-net-snmp References https://attackerkb.com/topics/cve-2022-24805 CVE - 2022-24805 https://errata.almalinux.org/9/ALSA-2024-7260.html

Oracle MySQL Vulnerability: CVE-2024-21062 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 05/13/2024 Added 05/10/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21062 CVE - 2024-21062 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle MySQL Vulnerability: CVE-2024-21000 Severity 5 CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N) Published 04/16/2024 Created 05/13/2024 Added 05/10/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of MySQL Server accessible data as well asunauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21000 CVE - 2024-21000 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle MySQL Vulnerability: CVE-2024-21060 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 05/13/2024 Added 05/10/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21060 CVE - 2024-21060

Oracle MySQL Vulnerability: CVE-2024-21101 Severity 3 CVSS (AV:N/AC:M/Au:M/C:P/I:N/A:N) Published 04/16/2024 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General).Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster.Successful attacks of this vulnerability can result inunauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21101 CVE - 2024-21101 https://www.oracle.com/security-alerts/cpuapr2024.html

Oracle MySQL Vulnerability: CVE-2024-20998 Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 05/13/2024 Added 05/10/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-20998 CVE - 2024-20998

Ubuntu: (Multiple Advisories) (CVE-2024-21012): OpenJDK 11 vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/16/2024 Created 06/07/2024 Added 06/07/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) ubuntu-upgrade-openjdk-11-jdk ubuntu-upgrade-openjdk-11-jdk-headless ubuntu-upgrade-openjdk-11-jre ubuntu-upgrade-openjdk-11-jre-headless ubuntu-upgrade-openjdk-11-jre-zero ubuntu-upgrade-openjdk-17-jdk ubuntu-upgrade-openjdk-17-jdk-headless ubuntu-upgrade-openjdk-17-jre ubuntu-upgrade-openjdk-17-jre-headless ubuntu-upgrade-openjdk-17-jre-zero ubuntu-upgrade-openjdk-21-jdk ubuntu-upgrade-openjdk-21-jdk-headless ubuntu-upgrade-openjdk-21-jre ubuntu-upgrade-openjdk-21-jre-headless ubuntu-upgrade-openjdk-21-jre-zero References https://attackerkb.com/topics/cve-2024-21012 CVE - 2024-21012 USN-6811-1 USN-6812-1 USN-6813-1

Oracle MySQL Vulnerability: CVE-2024-21008 Severity 6 CVSS (AV:N/AC:M/Au:M/C:N/I:N/A:C) Published 04/16/2024 Created 05/13/2024 Added 05/10/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.36 and prior and8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) mysql-upgrade-latest References https://attackerkb.com/topics/cve-2024-21008 CVE - 2024-21008 https://www.oracle.com/security-alerts/cpuapr2024.html