ISHACK AI BOT

FreeBSD: VID-22DF5074-71CD-11EE-85EB-84A93843EB75 (CVE-2023-22102): MySQL -- Multiple vulnerabilities Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/17/2023 Created 10/26/2023 Added 10/24/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). Solution(s) freebsd-upgrade-package-mysql-connector-c freebsd-upgrade-package-mysql-connector-j freebsd-upgrade-package-mysql-connector-odbc freebsd-upgrade-package-mysql57-server freebsd-upgrade-package-mysql80-server References CVE-2023-22102

Red Hat: CVE-2023-22070: mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-22070 RHSA-2024:0894 RHSA-2024:1141

Alpine Linux: CVE-2023-22084: Vulnerability in Multiple Components Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) alpine-linux-upgrade-mariadb References https://attackerkb.com/topics/cve-2023-22084 CVE - 2023-22084 https://security.alpinelinux.org/vuln/CVE-2023-22084

Alpine Linux: CVE-2023-22091: Vulnerability in Multiple Components Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 10/17/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler).Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 20.3.11, 21.3.7 and22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well asunauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). Solution(s) alpine-linux-upgrade-openjdk21 References https://attackerkb.com/topics/cve-2023-22091 CVE - 2023-22091 https://security.alpinelinux.org/vuln/CVE-2023-22091

Alma Linux: CVE-2023-22092: Moderate: mysql:8.0 security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 03/01/2024 Added 02/29/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) alma-upgrade-mecab alma-upgrade-mecab-devel alma-upgrade-mecab-ipadic alma-upgrade-mecab-ipadic-eucjp alma-upgrade-mysql alma-upgrade-mysql-common alma-upgrade-mysql-devel alma-upgrade-mysql-errmsg alma-upgrade-mysql-libs alma-upgrade-mysql-server alma-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-22092 CVE - 2023-22092 https://errata.almalinux.org/8/ALSA-2024-0894.html https://errata.almalinux.org/9/ALSA-2024-1141.html

Red Hat: CVE-2023-22103: mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-22103 RHSA-2024:0894 RHSA-2024:1141

FreeBSD: VID-22DF5074-71CD-11EE-85EB-84A93843EB75 (CVE-2023-22110): MySQL -- Multiple vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 10/26/2023 Added 10/24/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) freebsd-upgrade-package-mysql-connector-c freebsd-upgrade-package-mysql-connector-j freebsd-upgrade-package-mysql-connector-odbc freebsd-upgrade-package-mysql57-server freebsd-upgrade-package-mysql80-server References CVE-2023-22110

Red Hat: CVE-2023-22110: mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-22110 RHSA-2024:0894 RHSA-2024:1141

Red Hat: CVE-2023-22115: mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-22115 RHSA-2024:0894 RHSA-2024:1141

Red Hat: CVE-2023-22025: memory corruption issue on x86_64 with AVX-512 (8317121) (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/17/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) redhat-upgrade-java-17-openjdk redhat-upgrade-java-17-openjdk-debuginfo redhat-upgrade-java-17-openjdk-debugsource redhat-upgrade-java-17-openjdk-demo redhat-upgrade-java-17-openjdk-demo-fastdebug redhat-upgrade-java-17-openjdk-demo-slowdebug redhat-upgrade-java-17-openjdk-devel redhat-upgrade-java-17-openjdk-devel-debuginfo redhat-upgrade-java-17-openjdk-devel-fastdebug redhat-upgrade-java-17-openjdk-devel-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-devel-slowdebug redhat-upgrade-java-17-openjdk-devel-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-fastdebug redhat-upgrade-java-17-openjdk-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-headless redhat-upgrade-java-17-openjdk-headless-debuginfo redhat-upgrade-java-17-openjdk-headless-fastdebug redhat-upgrade-java-17-openjdk-headless-fastdebug-debuginfo redhat-upgrade-java-17-openjdk-headless-slowdebug redhat-upgrade-java-17-openjdk-headless-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-javadoc redhat-upgrade-java-17-openjdk-javadoc-zip redhat-upgrade-java-17-openjdk-jmods redhat-upgrade-java-17-openjdk-jmods-fastdebug redhat-upgrade-java-17-openjdk-jmods-slowdebug redhat-upgrade-java-17-openjdk-slowdebug redhat-upgrade-java-17-openjdk-slowdebug-debuginfo redhat-upgrade-java-17-openjdk-src redhat-upgrade-java-17-openjdk-src-fastdebug redhat-upgrade-java-17-openjdk-src-slowdebug redhat-upgrade-java-17-openjdk-static-libs redhat-upgrade-java-17-openjdk-static-libs-fastdebug redhat-upgrade-java-17-openjdk-static-libs-slowdebug redhat-upgrade-java-21-openjdk redhat-upgrade-java-21-openjdk-debuginfo redhat-upgrade-java-21-openjdk-debugsource redhat-upgrade-java-21-openjdk-demo redhat-upgrade-java-21-openjdk-demo-fastdebug redhat-upgrade-java-21-openjdk-demo-slowdebug redhat-upgrade-java-21-openjdk-devel redhat-upgrade-java-21-openjdk-devel-debuginfo redhat-upgrade-java-21-openjdk-devel-fastdebug redhat-upgrade-java-21-openjdk-devel-fastdebug-debuginfo redhat-upgrade-java-21-openjdk-devel-slowdebug redhat-upgrade-java-21-openjdk-devel-slowdebug-debuginfo redhat-upgrade-java-21-openjdk-fastdebug redhat-upgrade-java-21-openjdk-fastdebug-debuginfo redhat-upgrade-java-21-openjdk-headless redhat-upgrade-java-21-openjdk-headless-debuginfo redhat-upgrade-java-21-openjdk-headless-fastdebug redhat-upgrade-java-21-openjdk-headless-fastdebug-debuginfo redhat-upgrade-java-21-openjdk-headless-slowdebug redhat-upgrade-java-21-openjdk-headless-slowdebug-debuginfo redhat-upgrade-java-21-openjdk-javadoc redhat-upgrade-java-21-openjdk-javadoc-zip redhat-upgrade-java-21-openjdk-jmods redhat-upgrade-java-21-openjdk-jmods-fastdebug redhat-upgrade-java-21-openjdk-jmods-slowdebug redhat-upgrade-java-21-openjdk-slowdebug redhat-upgrade-java-21-openjdk-slowdebug-debuginfo redhat-upgrade-java-21-openjdk-src redhat-upgrade-java-21-openjdk-src-fastdebug redhat-upgrade-java-21-openjdk-src-slowdebug redhat-upgrade-java-21-openjdk-static-libs redhat-upgrade-java-21-openjdk-static-libs-fastdebug redhat-upgrade-java-21-openjdk-static-libs-slowdebug References CVE-2023-22025 RHSA-2023:5750 RHSA-2023:5751 RHSA-2023:5752 RHSA-2023:5753 RHSA-2023:6738 RHSA-2023:6887 View more

Red Hat: CVE-2023-22026: Optimizer unspecified vulnerability (CPU Oct 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 09/04/2024 Added 09/03/2024 Modified 09/13/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 5.7.42 and prior and8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-22026 RHSA-2023:2621 RHSA-2023:3087

Red Hat: CVE-2023-22028: Optimizer unspecified vulnerability (CPU Oct 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 09/04/2024 Added 09/03/2024 Modified 09/13/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 5.7.43 and prior and8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-22028 RHSA-2023:2621 RHSA-2023:3087

Oracle Linux: CVE-2023-22065: ELSA-2024-1141:mysql security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 02/24/2024 Added 02/22/2024 Modified 01/07/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-22065 CVE - 2023-22065 ELSA-2024-1141 ELSA-2024-0894

FreeBSD: VID-22DF5074-71CD-11EE-85EB-84A93843EB75 (CVE-2023-22103): MySQL -- Multiple vulnerabilities Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 10/26/2023 Added 10/24/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) freebsd-upgrade-package-mysql-connector-c freebsd-upgrade-package-mysql-connector-j freebsd-upgrade-package-mysql-connector-odbc freebsd-upgrade-package-mysql57-server freebsd-upgrade-package-mysql80-server References CVE-2023-22103

Java CPU October 2023 Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK vulnerability (CVE-2023-22025) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/17/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot).Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise Edition: 21.3.7 and22.3.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition,.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) jre-upgrade-latest References https://attackerkb.com/topics/cve-2023-22025 CVE - 2023-22025 http://www.oracle.com/security-alerts/cpuoct2023.html

Alma Linux: CVE-2023-22059: Moderate: mysql:8.0 security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 10/17/2023 Created 03/01/2024 Added 02/29/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Solution(s) alma-upgrade-mecab alma-upgrade-mecab-devel alma-upgrade-mecab-ipadic alma-upgrade-mecab-ipadic-eucjp alma-upgrade-mysql alma-upgrade-mysql-common alma-upgrade-mysql-devel alma-upgrade-mysql-errmsg alma-upgrade-mysql-libs alma-upgrade-mysql-server alma-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-22059 CVE - 2023-22059 https://errata.almalinux.org/8/ALSA-2024-0894.html https://errata.almalinux.org/9/ALSA-2024-1141.html

Oracle Linux: CVE-2023-22097: ELSA-2024-1141:mysql security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 02/24/2024 Added 02/22/2024 Modified 01/07/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-22097 CVE - 2023-22097 ELSA-2024-1141 ELSA-2024-0894

Red Hat: CVE-2023-22114: mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).Supported versions that are affected are 8.0.34 and prior and8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-22114 RHSA-2024:0894 RHSA-2024:1141

Red Hat: CVE-2023-22113: mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (Multiple Advisories) Severity 3 CVSS (AV:N/AC:L/Au:M/C:P/I:N/A:N) Published 10/17/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-22113 RHSA-2024:0894 RHSA-2024:1141

Ubuntu: USN-6459-1 (CVE-2023-22079): MySQL vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 10/17/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). Solution(s) ubuntu-upgrade-mysql-server-8-0 References https://attackerkb.com/topics/cve-2023-22079 CVE - 2023-22079 USN-6459-1

Ubuntu: (CVE-2023-22113): mysql-8.0 vulnerability Severity 3 CVSS (AV:N/AC:L/Au:M/C:P/I:N/A:N) Published 10/17/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result inunauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). Solution(s) ubuntu-upgrade-mysql-8-0 References https://attackerkb.com/topics/cve-2023-22113 CVE - 2023-22113 https://www.cve.org/CVERecord?id=CVE-2023-22113 https://www.oracle.com/security-alerts/cpuoct2023.html

Red Hat: CVE-2023-22092: mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 02/22/2024 Added 02/21/2024 Modified 09/03/2024 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) redhat-upgrade-mecab redhat-upgrade-mecab-debuginfo redhat-upgrade-mecab-debugsource redhat-upgrade-mecab-devel redhat-upgrade-mecab-ipadic redhat-upgrade-mecab-ipadic-eucjp redhat-upgrade-mysql redhat-upgrade-mysql-common redhat-upgrade-mysql-debuginfo redhat-upgrade-mysql-debugsource redhat-upgrade-mysql-devel redhat-upgrade-mysql-devel-debuginfo redhat-upgrade-mysql-errmsg redhat-upgrade-mysql-libs redhat-upgrade-mysql-libs-debuginfo redhat-upgrade-mysql-server redhat-upgrade-mysql-server-debuginfo redhat-upgrade-mysql-test redhat-upgrade-mysql-test-debuginfo References CVE-2023-22092 RHSA-2024:0894 RHSA-2024:1141

VMware Photon OS: CVE-2023-45803 Severity 4 CVSS (AV:A/AC:H/Au:M/C:C/I:N/A:N) Published 10/17/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-45803 CVE - 2023-45803

Oracle Linux: CVE-2023-22110: ELSA-2024-1141:mysql security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 10/17/2023 Created 02/24/2024 Added 02/22/2024 Modified 01/07/2025 Description Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). Solution(s) oracle-linux-upgrade-mecab oracle-linux-upgrade-mecab-devel oracle-linux-upgrade-mecab-ipadic oracle-linux-upgrade-mecab-ipadic-eucjp oracle-linux-upgrade-mysql oracle-linux-upgrade-mysql-common oracle-linux-upgrade-mysql-devel oracle-linux-upgrade-mysql-errmsg oracle-linux-upgrade-mysql-libs oracle-linux-upgrade-mysql-server oracle-linux-upgrade-mysql-test References https://attackerkb.com/topics/cve-2023-22110 CVE - 2023-22110 ELSA-2024-1141 ELSA-2024-0894

Amazon Linux AMI: CVE-2023-22067: Security patch for java-1.8.0-openjdk (ALAS-2024-1904) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 10/17/2023 Created 01/11/2024 Added 01/09/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: CORBA).Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf; Oracle GraalVM Enterprise Edition: 20.3.11 and21.3.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks of this vulnerability can result inunauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) amazon-linux-upgrade-java-1-8-0-openjdk References ALAS-2024-1904 CVE-2023-22067