注意:

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Difference between revisions of "FLOP:CVE Monitoring"

From Funtoo
Jump to navigation Jump to search
m
 
(7 intermediate revisions by the same user not shown)
Line 7: Line 7:
}}
}}
= <tt>cver</tt>: A Tool for Monitoring CVEs =
= <tt>cver</tt>: A Tool for Monitoring CVEs =
{{note|<tt>cver</tt> now uses a MongoDB instance on the Funtoo infrastructure. No need to run your own!}}
{{warning|<tt>cver</tt> as a stand-alone project is going away. It will be be reborn as a <tt>pop</tt>-based application. It will still be around for those interested but its capabilities will be expanded greatly as a <tt>metatools</tt> plugin.}}
== Summary ==
== Summary ==
Ultimately, not all ebuilds are created equal. Hence they are updated at different rates according to their popularity in the tree of available packages and this is generally fine: packages with a lot of use get updated frequently, and vulnerabilities are generally dealt with. Unpopular ebuilds can languish, and no one really cares. However, unpopular ebuilds with a significant vulnerability should be updated, popular or not, as they represent a potential vector for attack, if they can be installed.
Ultimately, not all ebuilds are created equal. Hence they are updated at different rates according to their popularity in the tree of available packages and this is generally fine: packages with a lot of use get updated frequently, and vulnerabilities are generally dealt with. Unpopular ebuilds can languish, and no one really cares. However, unpopular ebuilds with a significant vulnerability should be updated, popular or not, as they represent a potential vector for attack, if they can be installed.
Line 43: Line 47:
* A <tt>user</tt> can query the <tt>redis</tt> cache and create reports.  
* A <tt>user</tt> can query the <tt>redis</tt> cache and create reports.  
* ''discussion'' produces issues to be posted at <tt>jira</tt>.
* ''discussion'' produces issues to be posted at <tt>jira</tt>.
* Note: it could be true that <tt>dev == bot</tt>; a report can contain REST api urls for <tt>jira</tt>
== Algorithm ==
== Algorithm ==


Line 77: Line 81:
</syntaxhighlight>                                       
</syntaxhighlight>                                       


An important key in the collection is that of <tt>vulnerable_product</tt>. It contains the ''Common Platform Enumeration'' of the affected piece of software, and can potentially be matched (along with the affected product's version(s)) to packages in the Funtoo portage meta-repo.  
An important key in the collection is that of <tt>vulnerable_product</tt>. It contains an array of the ''Common Platform Enumeration'' of the affected pieces of software, and can potentially be matched (along with the affected product's version(s)) to packages in the Funtoo portage meta-repo.  


This is the bird's eye view of what a [https://nvd.nist.gov/products/cpe CPE] is:
This is the bird's eye view of what a [https://nvd.nist.gov/products/cpe CPE] is:
Line 87: Line 91:


Once a match is made, the <tt>cve-search</tt> collection and the portage package database (via {{package|app-portage/eix}}) can be combined to produce the data appropriate for a report.
Once a match is made, the <tt>cve-search</tt> collection and the portage package database (via {{package|app-portage/eix}}) can be combined to produce the data appropriate for a report.
This is meant to be human in the loop automation: we cannot just be spamming <tt>jira</tt>, and <tt>dev</tt>s must take ownership of issues.
{{FLOPFooter}}
{{FLOPFooter}}


== State ==
== State ==
The <tt>cver</tt> tool is currently stateless: it takes some bytes and it makes some bytes. Of course, <tt>jira</tt> and <tt>mongoDB</tt> are not, and their states must be kept in sync. Does <tt>cver</tt> require its own set of <tt>mongoDB</tt> collections to maintain the sync? This probably the most challenging aspect of the proposal.  
The <tt>cver</tt> tool is currently stateless: it takes some bytes and it makes some bytes. We should probably keep it that way. A disk cache of the LRU memo-ized python function <tt>eix_xml</tt> might be nice. It would have to be wiped when eix was updated, of course.
 
== Example Output Mon 10 Aug 2020 10:39:01 PM EDT ==
 
 
Summary:
-------
CVE-2020-15115: dev-db/etcd-3.3.12
 
Scores:
------
Impact: 2.86
Ability to Exploit: 10.00
 
Description:
-----------
[08/06/2020]
etcd before versions 3.3.23 and 3.4.10 does not perform any password length
validation, which allows for very short passwords, such as those with a length
of one. This may allow an attacker to guess or brute-force users' passwords with
little computational effort.
 
CatPkg:
------
dev-db/etcd
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.3.12
 
Facts:
-----
https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15113: dev-db/etcd-3.3.12
 
Scores:
------
Impact: 4.94
Ability to Exploit: 3.95
 
Description:
-----------
[08/05/2020]
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created
(etcd data directory and the directory path when provided to automatically
generate self-signed certificates for TLS connections with clients) with
restricted access permissions (700) by using the os.MkdirAll. This function does
not perform any permission checks when a given directory path exists already.
A possible workaround is to ensure the directories have the desired permission
(700).
 
CatPkg:
------
dev-db/etcd
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.3.12
 
Facts:
-----
https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15114: dev-db/etcd-3.3.12
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[08/06/2020]
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP
proxy to allow for basic service discovery and access. However, it is possible
to include the gateway address as an endpoint. This results in a denial of
service, since the endpoint can become stuck in a loop of requesting itself
until there are no more available file descriptors to accept connections on the
gateway.
 
CatPkg:
------
dev-db/etcd
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.3.12
 
Facts:
-----
https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15115: dev-db/etcd-3.3.13
 
Scores:
------
Impact: 2.86
Ability to Exploit: 10.00
 
Description:
-----------
[08/06/2020]
etcd before versions 3.3.23 and 3.4.10 does not perform any password length
validation, which allows for very short passwords, such as those with a length
of one. This may allow an attacker to guess or brute-force users' passwords with
little computational effort.
 
CatPkg:
------
dev-db/etcd
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.3.13
 
Facts:
-----
https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15113: dev-db/etcd-3.3.13
 
Scores:
------
Impact: 4.94
Ability to Exploit: 3.95
 
Description:
-----------
[08/05/2020]
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created
(etcd data directory and the directory path when provided to automatically
generate self-signed certificates for TLS connections with clients) with
restricted access permissions (700) by using the os.MkdirAll. This function does
not perform any permission checks when a given directory path exists already.
A possible workaround is to ensure the directories have the desired permission
(700).
 
CatPkg:
------
dev-db/etcd
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.3.13
 
Facts:
-----
https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15114: dev-db/etcd-3.3.13
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[08/06/2020]
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP
proxy to allow for basic service discovery and access. However, it is possible
to include the gateway address as an endpoint. This results in a denial of
service, since the endpoint can become stuck in a loop of requesting itself
until there are no more available file descriptors to accept connections on the
gateway.
 
CatPkg:
------
dev-db/etcd
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.3.13
 
Facts:
-----
https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-16117: gnome-extra/evolution-data-server-3.36.2
 
Scores:
------
Impact: 2.86
Ability to Exploit: 10.00
 
Description:
-----------
[07/29/2020]
In GNOME evolution-data-server before 3.35.91, a malicious server can
crash the mail client with a NULL pointer dereference by sending an invalid
(e.g., minimal) CAPABILITY line on a connection attempt. This is related to
imapx_free_capability and imapx_connect_to_server.
 
CatPkg:
------
gnome-extra/evolution-data-server
 
KitBranch:
---------
gnome-kit/3.36-prime
 
labels:
------
security
 
AffectsVersions:
---------------
3.36.2
 
Facts:
-----
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14928: gnome-extra/evolution-data-server-3.36.2
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that
affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads
additional data and evaluates it in a TLS context, aka "response injection."
 
CatPkg:
------
gnome-extra/evolution-data-server
 
KitBranch:
---------
gnome-kit/3.36-prime
 
labels:
------
security
 
AffectsVersions:
---------------
3.36.2
 
Facts:
-----
https://bugzilla.suse.com/show_bug.cgi?id=1173910
https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac
https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226
https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/
https://security-tracker.debian.org/tracker/DLA-2281-1
https://security-tracker.debian.org/tracker/DSA-4725-1
https://usn.ubuntu.com/4429-1/
https://www.debian.org/security/2020/dsa-4725
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-13699: net-misc/teamviewer-14.1.3399
 
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
 
Description:
-----------
[07/29/2020]
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
custom URI handlers. A malicious website could launch TeamViewer with arbitrary
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
force a victim to send an NTLM authentication request and either relay the
request or capture the hash for offline password cracking. This affects
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
 
CatPkg:
------
net-misc/teamviewer
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
14.1.3399
 
Facts:
-----
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
https://jeffs.sh/CVEs/CVE-2020-13699.txt
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-13699: net-misc/teamviewer-14.1.9025
 
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
 
Description:
-----------
[07/29/2020]
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
custom URI handlers. A malicious website could launch TeamViewer with arbitrary
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
force a victim to send an NTLM authentication request and either relay the
request or capture the hash for offline password cracking. This affects
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
 
CatPkg:
------
net-misc/teamviewer
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
14.1.9025
 
Facts:
-----
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
https://jeffs.sh/CVEs/CVE-2020-13699.txt
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-13699: net-misc/teamviewer-14.1.18533
 
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
 
Description:
-----------
[07/29/2020]
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
custom URI handlers. A malicious website could launch TeamViewer with arbitrary
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
force a victim to send an NTLM authentication request and either relay the
request or capture the hash for offline password cracking. This affects
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
 
CatPkg:
------
net-misc/teamviewer
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
14.1.18533
 
Facts:
-----
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
https://jeffs.sh/CVEs/CVE-2020-13699.txt
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-13699: net-misc/teamviewer-14.2.2558
 
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
 
Description:
-----------
[07/29/2020]
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
custom URI handlers. A malicious website could launch TeamViewer with arbitrary
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
force a victim to send an NTLM authentication request and either relay the
request or capture the hash for offline password cracking. This affects
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
 
CatPkg:
------
net-misc/teamviewer
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
14.2.2558
 
Facts:
-----
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
https://jeffs.sh/CVEs/CVE-2020-13699.txt
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-13699: net-misc/teamviewer-14.2.8352
 
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
 
Description:
-----------
[07/29/2020]
TeamViewer Desktop for Windows before 15.8.3 does not properly quote its
custom URI handlers. A malicious website could launch TeamViewer with arbitrary
parameters, as demonstrated by a teamviewer10: --play URL. An attacker could
force a victim to send an NTLM authentication request and either relay the
request or capture the hash for offline password cracking. This affects
teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1,
tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1,
and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873,
11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.
 
CatPkg:
------
net-misc/teamviewer
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
14.2.8352
 
Facts:
-----
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448
https://jeffs.sh/CVEs/CVE-2020-13699.txt
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-12460: mail-filter/opendmarc-1.1.3
 
Scores:
------
Impact: 6.44
Ability to Exploit: 10.00
 
Description:
-----------
[07/27/2020]
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null
termination in the function opendmarc_xml_parse that can result in a one-byte
heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate
report. This can cause remote memory corruption when a '\0' byte overwrites the
heap metadata of the next chunk and its PREV_INUSE flag.
 
CatPkg:
------
mail-filter/opendmarc
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
1.1.3
 
Facts:
-----
https://github.com/trusteddomainproject/OpenDMARC/issues/64
https://sourceforge.net/projects/opendmarc/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15953: net-libs/libetpan-1.9.3
 
Scores:
------
Impact: 4.94
Ability to Exploit: 8.59
 
Description:
-----------
[07/27/2020]
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products,
has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server
sends a "begin TLS" response, the client reads additional data (e.g., from a
meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response
injection."
 
CatPkg:
------
net-libs/libetpan
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
1.9.3
 
Facts:
-----
https://github.com/dinhvh/libetpan/issues/386
https://security.gentoo.org/glsa/202007-55
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-1776: www-apps/otrs-5.0.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/20/2020]
When an agent user is renamed or set to invalid the session belonging to the
user is keept active. The session can not be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
CatPkg:
------
www-apps/otrs
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.0.25
 
Facts:
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-1776: www-apps/otrs-6.0.3
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/20/2020]
When an agent user is renamed or set to invalid the session belonging to the
user is keept active. The session can not be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
CatPkg:
------
www-apps/otrs
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
6.0.3
 
Facts:
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-1776: www-apps/otrs-6.0.4
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/20/2020]
When an agent user is renamed or set to invalid the session belonging to the
user is keept active. The session can not be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
CatPkg:
------
www-apps/otrs
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
6.0.4
 
Facts:
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-1776: www-apps/otrs-6.0.5
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/20/2020]
When an agent user is renamed or set to invalid the session belonging to the
user is keept active. The session can not be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
CatPkg:
------
www-apps/otrs
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
6.0.5
 
Facts:
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-1776: www-apps/otrs-6.0.7
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/20/2020]
When an agent user is renamed or set to invalid the session belonging to the
user is keept active. The session can not be used to access ticket data in the
case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28
and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.
 
CatPkg:
------
www-apps/otrs
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
6.0.7
 
Facts:
-----
https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15852: app-emulation/xen-4.10.3-r1
 
Scores:
------
Impact: 6.44
Ability to Exploit: 3.95
 
Description:
-----------
[07/20/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
Xen, aka CID-cadfad870154.
 
CatPkg:
------
app-emulation/xen
 
KitBranch:
---------
nokit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.10.3-r1
 
Facts:
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
http://xenbits.xen.org/xsa/advisory-329.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15852: app-emulation/xen-4.11.1-r3
 
Scores:
------
Impact: 6.44
Ability to Exploit: 3.95
 
Description:
-----------
[07/20/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
Xen, aka CID-cadfad870154.
 
CatPkg:
------
app-emulation/xen
 
KitBranch:
---------
nokit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.11.1-r3
 
Facts:
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
http://xenbits.xen.org/xsa/advisory-329.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15852: app-emulation/xen-4.12.0-r1
 
Scores:
------
Impact: 6.44
Ability to Exploit: 3.95
 
Description:
-----------
[07/20/2020]
An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in
Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port
permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap
mishandling causes a loss of synchronization between the I/O bitmaps of TSS and
Xen, aka CID-cadfad870154.
 
CatPkg:
------
app-emulation/xen
 
KitBranch:
---------
nokit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.12.0-r1
 
Facts:
-----
http://www.openwall.com/lists/oss-security/2020/07/21/2
http://xenbits.xen.org/xsa/advisory-329.html
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2
https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15121: dev-util/radare2-3.4.1
 
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
 
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
path cause shell injection. To trigger the problem it's required to open the
executable in radare2 and run idpd to trigger the download. The shell code will
execute, and will create a file called pwned in the current directory.
 
CatPkg:
------
dev-util/radare2
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.4.1
 
Facts:
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://github.com/radareorg/radare2/issues/16945
https://github.com/radareorg/radare2/pull/16966
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15121: dev-util/radare2-3.5.0
 
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
 
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
path cause shell injection. To trigger the problem it's required to open the
executable in radare2 and run idpd to trigger the download. The shell code will
execute, and will create a file called pwned in the current directory.
 
CatPkg:
------
dev-util/radare2
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.5.0
 
Facts:
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://github.com/radareorg/radare2/issues/16945
https://github.com/radareorg/radare2/pull/16966
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15121: dev-util/radare2-3.5.1
 
Scores:
------
Impact: 6.44
Ability to Exploit: 8.59
 
Description:
-----------
[07/20/2020]
In radare2 before version 4.5.0, malformed PDB file names in the PDB server
path cause shell injection. To trigger the problem it's required to open the
executable in radare2 and run idpd to trigger the download. The shell code will
execute, and will create a file called pwned in the current directory.
 
CatPkg:
------
dev-util/radare2
 
KitBranch:
---------
dev-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.5.1
 
Facts:
-----
https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
https://github.com/radareorg/radare2/issues/16945
https://github.com/radareorg/radare2/pull/16966
https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14001: dev-ruby/kramdown-1.17.0
 
Scores:
------
Impact: 6.44
Ability to Exploit: 10.00
 
Description:
-----------
[07/17/2020]
The kramdown gem before 2.3.0 for Ruby processes the template option inside
Kramdown documents by default, which allows unintended read access (such as
template="/etc/passwd") or unintended embedded Ruby code execution (such as a
string that begins with template="string://<%= `). NOTE: kramdown is used in
Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.
 
CatPkg:
------
dev-ruby/kramdown
 
KitBranch:
---------
ruby-kit/2.6-prime
 
labels:
------
security
 
AffectsVersions:
---------------
1.17.0
 
Facts:
-----
https://github.com/gettalong/kramdown
https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0
https://kramdown.gettalong.org
https://kramdown.gettalong.org/news.html
https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2@%3Cnotifications.fluo.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html
https://rubygems.org/gems/kramdown
https://security.netapp.com/advisory/ntap-20200731-0004/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15586: dev-lang/go-1.12.17
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http
servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads
a request body and writes a response at the same time.
 
CatPkg:
------
dev-lang/go
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
1.12.17
 
Facts:
-----
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/
https://security.netapp.com/advisory/ntap-20200731-0005/
https://www.cloudfoundry.org/blog/cve-2020-15586/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14039: dev-lang/go-1.12.17
 
Scores:
------
Impact: 2.86
Ability to Exploit: 10.00
 
Description:
-----------
[07/17/2020]
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a
check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots
equals nil and the installation is on Windows). Thus, X.509 certificate
verification is incomplete.
 
CatPkg:
------
dev-lang/go
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
1.12.17
 
Facts:
-----
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html
https://groups.google.com/forum/#!forum/golang-announce
https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w
https://security.netapp.com/advisory/ntap-20200731-0005/
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.16
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.16
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.16
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.16
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.21
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.21
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.21
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.21
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.23
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.23
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-2.2.23
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.2.23
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-3.0.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.0.26
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-3.0.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
3.0.26
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.6
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.6
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.6
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.6
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.7
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.7
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.7
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.7
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15803: net-analyzer/zabbix-4.0.9
 
Scores:
------
Impact: 2.86
Ability to Exploit: 8.59
 
Description:
-----------
[07/17/2020]
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
 
CatPkg:
------
net-analyzer/zabbix
 
KitBranch:
---------
net-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
4.0.9
 
Facts:
-----
https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/
https://support.zabbix.com/browse/ZBX-18057
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15117: x11-misc/synergy-1.9.1
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving
a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295)
if the servers memory is less than 4 GB. It was verified that this issue does
not cause a crash through the exception handler if the available memory of the
Server is more than 4GB.
 
CatPkg:
------
x11-misc/synergy
 
KitBranch:
---------
desktop-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
1.9.1
 
Facts:
-----
https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14702: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14651: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14663: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14624: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: JSON). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14697: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14643: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14656: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Locking). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14623: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14680: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14631: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14654: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14620: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14678: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14619: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Parser). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14597: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14576: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14575: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14614: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14591: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14568: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14586: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14567: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Replication). Supported versions that are affected are 5.7.29 and prior and
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14559: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Information Schema). Supported versions that are affected are 5.6.48 and
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14553: dev-db/mysql-5.5.61
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.61
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14702: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14651: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14663: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14624: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: JSON). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14697: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14643: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14656: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Locking). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14623: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14631: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14680: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14654: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14620: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14678: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14619: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Parser). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14597: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14576: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14575: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14614: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14591: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14568: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14586: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14567: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Replication). Supported versions that are affected are 5.7.29 and prior and
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14559: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Information Schema). Supported versions that are affected are 5.6.48 and
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14553: dev-db/mysql-5.5.62
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.5.62
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14702: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14651: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14663: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14624: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: JSON). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14697: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14643: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14656: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Locking). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14623: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14631: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14680: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14654: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14620: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14678: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14619: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Parser). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14597: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14576: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14614: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14575: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14591: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14568: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14586: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14567: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Replication). Supported versions that are affected are 5.7.29 and prior and
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14559: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Information Schema). Supported versions that are affected are 5.6.48 and
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14553: dev-db/mysql-5.6.42
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.42
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14702: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14651: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14663: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14624: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: JSON). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14697: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14643: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14656: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Locking). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14623: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14631: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14680: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14654: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14620: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14678: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14619: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Parser). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14597: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14576: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14575: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14614: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14591: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14568: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14586: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14567: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Replication). Supported versions that are affected are 5.7.29 and prior and
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14559: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Information Schema). Supported versions that are affected are 5.6.48 and
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14553: dev-db/mysql-5.6.43
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.43
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14702: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14651: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14663: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14624: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: JSON). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14697: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14643: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14656: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Locking). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14623: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14631: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14680: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14654: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14620: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14678: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14619: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Parser). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14597: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14576: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14575: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14614: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14591: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14568: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14586: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14567: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Replication). Supported versions that are affected are 5.7.29 and prior and
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14559: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Information Schema). Supported versions that are affected are 5.6.48 and
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14553: dev-db/mysql-5.6.44
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.6.44
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14702: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14651: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14663: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14624: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: JSON). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14697: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14643: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14656: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Locking). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14623: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14631: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14680: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14654: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14620: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14678: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14619: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Parser). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14597: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14576: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14575: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14614: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14591: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14568: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14586: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14567: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Replication). Supported versions that are affected are 5.7.29 and prior and
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14559: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Information Schema). Supported versions that are affected are 5.6.48 and
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14553: dev-db/mysql-5.7.24
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.24
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14702: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14651: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14663: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14624: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: JSON). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14697: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14643: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14656: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Locking). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14623: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14631: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14680: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14654: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14620: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14678: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14619: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Parser). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14597: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14576: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14575: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14614: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14591: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14568: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14586: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14567: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Replication). Supported versions that are affected are 5.7.29 and prior and
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14559: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Information Schema). Supported versions that are affected are 5.6.48 and
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14553: dev-db/mysql-5.7.25
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.25
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14702: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14651: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14663: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14624: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: JSON). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14697: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14643: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 4.94
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Roles). Supported versions that are affected are 8.0.20 and prior.
Easily exploitable vulnerability allows high privileged attacker with network
access via multiple protocols to compromise MySQL Server. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of MySQL Server as well as
unauthorized update, insert or delete access to some of MySQL Server accessible
data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14656: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Locking). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14623: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14680: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14631: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Audit). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14654: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14620: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14678: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 6.44
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Security: Privileges). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker with
network access via multiple protocols to compromise MySQL Server. Successful
attacks of this vulnerability can result in takeover of MySQL Server. CVSS
3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS
Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14619: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Parser). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14597: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14576: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: UDF). Supported versions that are affected are 5.7.30 and prior and
8.0.20 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14575: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: DML). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14614: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Optimizer). Supported versions that are affected are 8.0.20 and
prior. Easily exploitable vulnerability allows high privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14591: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Audit Plug-in). Supported versions that are affected are 8.0.20
and prior. Easily exploitable vulnerability allows low privileged attacker
with network access via multiple protocols to compromise MySQL Server.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14568: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
Supported versions that are affected are 8.0.20 and prior. Easily exploitable
vulnerability allows high privileged attacker with network access via multiple
protocols to compromise MySQL Server. Successful attacks of this vulnerability
can result in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability
impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14586: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.20 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14567: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Replication). Supported versions that are affected are 5.7.29 and prior and
8.0.19 and prior. Easily exploitable vulnerability allows high privileged
attacker with network access via multiple protocols to compromise MySQL
Server. Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete DOS) of
MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14559: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server:
Information Schema). Supported versions that are affected are 5.6.48 and
prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability
allows low privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-14553: dev-db/mysql-5.7.26
 
Scores:
------
Impact: 2.86
Ability to Exploit: _
 
Description:
-----------
[07/15/2020]
Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Pluggable Auth). Supported versions that are affected are 5.7.30
and prior and 8.0.20 and prior. Easily exploitable vulnerability allows
low privileged attacker with network access via multiple protocols to
compromise MySQL Server. Successful attacks of this vulnerability can result
in unauthorized update, insert or delete access to some of MySQL Server
accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
 
CatPkg:
------
dev-db/mysql
 
KitBranch:
---------
core-server-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
5.7.26
 
Facts:
-----
https://security.netapp.com/advisory/ntap-20200717-0004/
https://usn.ubuntu.com/4441-1/
https://www.oracle.com/security-alerts/cpujul2020.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.2
 
Scores:
------
Impact: 2.86
Ability to Exploit: 10.00
 
Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.
 
CatPkg:
------
dev-lang/luajit
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.0.2
 
Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.3
 
Scores:
------
Impact: 2.86
Ability to Exploit: 10.00
 
Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.
 
CatPkg:
------
dev-lang/luajit
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.0.3
 
Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.4
 
Scores:
------
Impact: 2.86
Ability to Exploit: 10.00
 
Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.
 
CatPkg:
------
dev-lang/luajit
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.0.4
 
Facts:
-----
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
 
Summary:
-------
CVE-2020-15890: dev-lang/luajit-2.0.5
 
Scores:
------
Impact: 2.86
Ability to Exploit: 10.00
 
Description:
-----------
[07/21/2020]
LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame
traversal is mishandled.
 
CatPkg:
------
dev-lang/luajit
 
KitBranch:
---------
lang-kit/1.4-release
 
labels:
------
security
 
AffectsVersions:
---------------
2.0.5


* every update of the <tt>cve-search</tt> database must trigger an update of <tt>jira</tt>
Facts:
* every CRUD path of <tt>cve-search</tt> must have an equivalent CRUD path of <tt>jira</tt>
-----
* the sync of <tt>cve-search</tt> and <tt>jira</tt> must be always provable
https://github.com/LuaJIT/LuaJIT/issues/601
https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html


However, we don't need to deal with <tt>cve-search</tt> directly: we can transform it into an intermediate state associated with <tt>cver</tt> that has its own paths, and then make the equivalent <tt>jira</tt> path from those. We may just 'bulk transform' the <tt>cve-search</tt> to a (probably much simpler) schema more directly related to that of a <tt>jira</tt> issue. We just need a collection of what are essentially <tt>jira</tt> records, with meta data to control the sync.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

Latest revision as of 02:59, August 11, 2020

Created on
2020/01/21
Original Author(s)
d4g33z
Git sources (for cloning)
Link
Status
Reference Bug
FL-6938

Funtoo Linux Optimization Proposal: CVE Monitoring

Let's monitor the Common Vulnerabilities and Exposures (CVE) list and flag packages in the current portage tree accordingly. Posting bugs on jira.funtoo.org for affected packages could be automated to a significant extent.

cver: A Tool for Monitoring CVEs

   Note

cver now uses a MongoDB instance on the Funtoo infrastructure. No need to run your own!

   Warning

cver as a stand-alone project is going away. It will be be reborn as a pop-based application. It will still be around for those interested but its capabilities will be expanded greatly as a metatools plugin.

Summary

Ultimately, not all ebuilds are created equal. Hence they are updated at different rates according to their popularity in the tree of available packages and this is generally fine: packages with a lot of use get updated frequently, and vulnerabilities are generally dealt with. Unpopular ebuilds can languish, and no one really cares. However, unpopular ebuilds with a significant vulnerability should be updated, popular or not, as they represent a potential vector for attack, if they can be installed.

Identifying ebuilds with an associated CVE will bring them to 'head of the queue' for pull requests and updates, which should often be trivial, as the vulnerability is dealt with upstream and released as a new hotfix version. Or, we can fork and provide our own mitigation, merging with upstream again when a new release comes out (if at all).

The cver (pronounced ça-veer) tool is built around redis cached mongodb collections that are regularly updated with newly filed CVEs. The tool queries the collections to produce a set of text data appropriate to fill fields on a newly created security vulnerability issue on the Funtoo bug tracker. The data can be output in various formats (current just formatted text on stdout), and eventually input directly to the bug tracker via its REST api.

Architecture

The architecture is simple:

┌─────────┐                                 
│redis    │      ┌────┐                     
│┌───────┐│      │jira│──────────┐          
││mongoDB││      └──┬─┘          │          
│└───────┘│         │            │          
└────┬────┘         │            │          
     │              │        *********      
     │     ┌───┐    │     ***         ***   
     ├─────┤dev│──────────*  discussion *   
     │     └─┬─┘    │     ***         ***   
     │       │      │        *********      
     │       │      │                       
     │     ┌─┴─┐    │                       
     ├─────┤bot│────┘                       
     │     └───┘                            
     │                                      
     │                                      
     │     ┌───┐                            
     └─────│usr│                            
           └───┘
  • A dev uses the tool to query the redis cache of the CVE data held in the mongoDB, update and admin the mongoDB, create reports for discussion, and control a bot.
  • The bot can query the redis cache and create issues to post via the REST api of jira.
  • A user can query the redis cache and create reports.
  • discussion produces issues to be posted at jira.
  • Note: it could be true that dev == bot; a report can contain REST api urls for jira

Algorithm

The cvedb.cves collection provided by cve-search has the following estimated schema (see variety, a schema estimator for mongodb):

+--------------------------------------------------------------------------------+
| key                              | types    | occurrences | percents           |
| -------------------------------- | -------- | ----------- | ------------------ |
| Modified                         | Date     |      136539 | 100.00000000000000 |
| Published                        | Date     |      136539 | 100.00000000000000 |
| _id                              | ObjectId |      136539 | 100.00000000000000 |
| access                           | Object   |      136539 | 100.00000000000000 |
| assigner                         | String   |      136539 | 100.00000000000000 |
| cvss                             | Number   |      136539 | 100.00000000000000 |
| cwe                              | String   |      136539 | 100.00000000000000 |
| id                               | String   |      136539 | 100.00000000000000 |
| impact                           | Object   |      136539 | 100.00000000000000 |
| references                       | Array    |      136539 | 100.00000000000000 |
| summary                          | String   |      136539 | 100.00000000000000 |
| vulnerable_configuration         | Array    |      136539 | 100.00000000000000 |
| vulnerable_configuration_cpe_2_2 | Array    |      136539 | 100.00000000000000 |
| vulnerable_product               | Array    |      136539 | 100.00000000000000 |
| access.authentication            | String   |      128583 |  94.17309340188518 |
| access.complexity                | String   |      128583 |  94.17309340188518 |
| access.vector                    | String   |      128583 |  94.17309340188518 |
| cvss-time                        | Date     |      128583 |  94.17309340188518 |
| cvss-vector                      | String   |      128583 |  94.17309340188518 |
| impact.availability              | String   |      128583 |  94.17309340188518 |
| impact.confidentiality           | String   |      128583 |  94.17309340188518 |
| impact.integrity                 | String   |      128583 |  94.17309340188518 |
+--------------------------------------------------------------------------------+

An important key in the collection is that of vulnerable_product. It contains an array of the Common Platform Enumeration of the affected pieces of software, and can potentially be matched (along with the affected product's version(s)) to packages in the Funtoo portage meta-repo.

This is the bird's eye view of what a CPE is:

CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name.

Thus, filtering packages by CVE requires a map between package names and CPE. The current algorithm is the simplest possible: if a CVE has a list of CPEs, each CPE is interpreted to yield a single token and an exact match with package name is attempted for the whole meta-repo using app-portage/eix. If there is a match, then a jira issue can be constructed and reported. Even this simple algorithm produces quite a few matches, but it also misses very significant issues if the CPEs are not added properly to the CVE database for the issue. FL-6938 is a case in point: it was not filed with a CPE for sys-apps/portage (does it exist?) so the algorithm skipped right over it. A more sophisticated algorithm would have done regular expression matching on the summary key of the issue, perhaps matching on the string 'Gentoo Portage,' and producing a report for discussion, and eventual posting to jira.

Once a match is made, the cve-search collection and the portage package database (via app-portage/eix) can be combined to produce the data appropriate for a report.

This is meant to be human in the loop automation: we cannot just be spamming jira, and devs must take ownership of issues.



State

The cver tool is currently stateless: it takes some bytes and it makes some bytes. We should probably keep it that way. A disk cache of the LRU memo-ized python function eix_xml might be nice. It would have to be wiped when eix was updated, of course.

Example Output Mon 10 Aug 2020 10:39:01 PM EDT

Summary:


CVE-2020-15115: dev-db/etcd-3.3.12

Scores:


Impact: 2.86 Ability to Exploit: 10.00

Description:


[08/06/2020] etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.

CatPkg:


dev-db/etcd

KitBranch:


dev-kit/1.4-release

labels:


security

AffectsVersions:


3.3.12

Facts:


https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh



Summary:


CVE-2020-15113: dev-db/etcd-3.3.12

Scores:


Impact: 4.94 Ability to Exploit: 3.95

Description:


[08/05/2020] In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).

CatPkg:


dev-db/etcd

KitBranch:


dev-kit/1.4-release

labels:


security

AffectsVersions:


3.3.12

Facts:


https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92



Summary:


CVE-2020-15114: dev-db/etcd-3.3.12

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[08/06/2020] In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

CatPkg:


dev-db/etcd

KitBranch:


dev-kit/1.4-release

labels:


security

AffectsVersions:


3.3.12

Facts:


https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224



Summary:


CVE-2020-15115: dev-db/etcd-3.3.13

Scores:


Impact: 2.86 Ability to Exploit: 10.00

Description:


[08/06/2020] etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. This may allow an attacker to guess or brute-force users' passwords with little computational effort.

CatPkg:


dev-db/etcd

KitBranch:


dev-kit/1.4-release

labels:


security

AffectsVersions:


3.3.13

Facts:


https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh



Summary:


CVE-2020-15113: dev-db/etcd-3.3.13

Scores:


Impact: 4.94 Ability to Exploit: 3.95

Description:


[08/05/2020] In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. This function does not perform any permission checks when a given directory path exists already. A possible workaround is to ensure the directories have the desired permission (700).

CatPkg:


dev-db/etcd

KitBranch:


dev-kit/1.4-release

labels:


security

AffectsVersions:


3.3.13

Facts:


https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92



Summary:


CVE-2020-15114: dev-db/etcd-3.3.13

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[08/06/2020] In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.

CatPkg:


dev-db/etcd

KitBranch:


dev-kit/1.4-release

labels:


security

AffectsVersions:


3.3.13

Facts:


https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224



Summary:


CVE-2020-16117: gnome-extra/evolution-data-server-3.36.2

Scores:


Impact: 2.86 Ability to Exploit: 10.00

Description:


[07/29/2020] In GNOME evolution-data-server before 3.35.91, a malicious server can crash the mail client with a NULL pointer dereference by sending an invalid (e.g., minimal) CAPABILITY line on a connection attempt. This is related to imapx_free_capability and imapx_connect_to_server.

CatPkg:


gnome-extra/evolution-data-server

KitBranch:


gnome-kit/3.36-prime

labels:


security

AffectsVersions:


3.36.2

Facts:


https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7 https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189 https://lists.debian.org/debian-lts-announce/2020/08/msg00005.html



Summary:


CVE-2020-14928: gnome-extra/evolution-data-server-3.36.2

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."

CatPkg:


gnome-extra/evolution-data-server

KitBranch:


gnome-kit/3.36-prime

labels:


security

AffectsVersions:


3.36.2

Facts:


https://bugzilla.suse.com/show_bug.cgi?id=1173910 https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/f404f33fb01b23903c2bbb16791c7907e457fbac https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 https://lists.debian.org/debian-lts-announce/2020/07/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMBEZWA22EAYAZQWUX4KPEBER726KSIG/ https://security-tracker.debian.org/tracker/DLA-2281-1 https://security-tracker.debian.org/tracker/DSA-4725-1 https://usn.ubuntu.com/4429-1/ https://www.debian.org/security/2020/dsa-4725



Summary:


CVE-2020-13699: net-misc/teamviewer-14.1.3399

Scores:


Impact: 6.44 Ability to Exploit: 8.59

Description:


[07/29/2020] TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.

CatPkg:


net-misc/teamviewer

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


14.1.3399

Facts:


https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 https://jeffs.sh/CVEs/CVE-2020-13699.txt



Summary:


CVE-2020-13699: net-misc/teamviewer-14.1.9025

Scores:


Impact: 6.44 Ability to Exploit: 8.59

Description:


[07/29/2020] TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.

CatPkg:


net-misc/teamviewer

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


14.1.9025

Facts:


https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 https://jeffs.sh/CVEs/CVE-2020-13699.txt



Summary:


CVE-2020-13699: net-misc/teamviewer-14.1.18533

Scores:


Impact: 6.44 Ability to Exploit: 8.59

Description:


[07/29/2020] TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.

CatPkg:


net-misc/teamviewer

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


14.1.18533

Facts:


https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 https://jeffs.sh/CVEs/CVE-2020-13699.txt



Summary:


CVE-2020-13699: net-misc/teamviewer-14.2.2558

Scores:


Impact: 6.44 Ability to Exploit: 8.59

Description:


[07/29/2020] TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.

CatPkg:


net-misc/teamviewer

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


14.2.2558

Facts:


https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 https://jeffs.sh/CVEs/CVE-2020-13699.txt



Summary:


CVE-2020-13699: net-misc/teamviewer-14.2.8352

Scores:


Impact: 6.44 Ability to Exploit: 8.59

Description:


[07/29/2020] TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3.

CatPkg:


net-misc/teamviewer

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


14.2.8352

Facts:


https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/td-p/98448 https://jeffs.sh/CVEs/CVE-2020-13699.txt



Summary:


CVE-2020-12460: mail-filter/opendmarc-1.1.3

Scores:


Impact: 6.44 Ability to Exploit: 10.00

Description:


[07/27/2020] OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.

CatPkg:


mail-filter/opendmarc

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


1.1.3

Facts:


https://github.com/trusteddomainproject/OpenDMARC/issues/64 https://sourceforge.net/projects/opendmarc/



Summary:


CVE-2020-15953: net-libs/libetpan-1.9.3

Scores:


Impact: 4.94 Ability to Exploit: 8.59

Description:


[07/27/2020] LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."

CatPkg:


net-libs/libetpan

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


1.9.3

Facts:


https://github.com/dinhvh/libetpan/issues/386 https://security.gentoo.org/glsa/202007-55



Summary:


CVE-2020-1776: www-apps/otrs-5.0.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/20/2020] When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.

CatPkg:


www-apps/otrs

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


5.0.25

Facts:


https://otrs.com/release-notes/otrs-security-advisory-2020-13/



Summary:


CVE-2020-1776: www-apps/otrs-6.0.3

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/20/2020] When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.

CatPkg:


www-apps/otrs

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


6.0.3

Facts:


https://otrs.com/release-notes/otrs-security-advisory-2020-13/



Summary:


CVE-2020-1776: www-apps/otrs-6.0.4

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/20/2020] When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.

CatPkg:


www-apps/otrs

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


6.0.4

Facts:


https://otrs.com/release-notes/otrs-security-advisory-2020-13/



Summary:


CVE-2020-1776: www-apps/otrs-6.0.5

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/20/2020] When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.

CatPkg:


www-apps/otrs

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


6.0.5

Facts:


https://otrs.com/release-notes/otrs-security-advisory-2020-13/



Summary:


CVE-2020-1776: www-apps/otrs-6.0.7

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/20/2020] When an agent user is renamed or set to invalid the session belonging to the user is keept active. The session can not be used to access ticket data in the case the agent is invalid. This issue affects ((OTRS)) Community Edition: 6.0.28 and prior versions. OTRS: 7.0.18 and prior versions, 8.0.4. and prior versions.

CatPkg:


www-apps/otrs

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


6.0.7

Facts:


https://otrs.com/release-notes/otrs-security-advisory-2020-13/



Summary:


CVE-2020-15852: app-emulation/xen-4.10.3-r1

Scores:


Impact: 6.44 Ability to Exploit: 3.95

Description:


[07/20/2020] An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.

CatPkg:


app-emulation/xen

KitBranch:


nokit/1.4-release

labels:


security

AffectsVersions:


4.10.3-r1

Facts:


http://www.openwall.com/lists/oss-security/2020/07/21/2 http://xenbits.xen.org/xsa/advisory-329.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2 https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2



Summary:


CVE-2020-15852: app-emulation/xen-4.11.1-r3

Scores:


Impact: 6.44 Ability to Exploit: 3.95

Description:


[07/20/2020] An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.

CatPkg:


app-emulation/xen

KitBranch:


nokit/1.4-release

labels:


security

AffectsVersions:


4.11.1-r3

Facts:


http://www.openwall.com/lists/oss-security/2020/07/21/2 http://xenbits.xen.org/xsa/advisory-329.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2 https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2



Summary:


CVE-2020-15852: app-emulation/xen-4.12.0-r1

Scores:


Impact: 6.44 Ability to Exploit: 3.95

Description:


[07/20/2020] An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.

CatPkg:


app-emulation/xen

KitBranch:


nokit/1.4-release

labels:


security

AffectsVersions:


4.12.0-r1

Facts:


http://www.openwall.com/lists/oss-security/2020/07/21/2 http://xenbits.xen.org/xsa/advisory-329.html https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cadfad870154e14f745ec845708bc17d166065f2 https://github.com/torvalds/linux/commit/cadfad870154e14f745ec845708bc17d166065f2



Summary:


CVE-2020-15121: dev-util/radare2-3.4.1

Scores:


Impact: 6.44 Ability to Exploit: 8.59

Description:


[07/20/2020] In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.

CatPkg:


dev-util/radare2

KitBranch:


dev-kit/1.4-release

labels:


security

AffectsVersions:


3.4.1

Facts:


https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 https://github.com/radareorg/radare2/issues/16945 https://github.com/radareorg/radare2/pull/16966 https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/



Summary:


CVE-2020-15121: dev-util/radare2-3.5.0

Scores:


Impact: 6.44 Ability to Exploit: 8.59

Description:


[07/20/2020] In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.

CatPkg:


dev-util/radare2

KitBranch:


dev-kit/1.4-release

labels:


security

AffectsVersions:


3.5.0

Facts:


https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 https://github.com/radareorg/radare2/issues/16945 https://github.com/radareorg/radare2/pull/16966 https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/



Summary:


CVE-2020-15121: dev-util/radare2-3.5.1

Scores:


Impact: 6.44 Ability to Exploit: 8.59

Description:


[07/20/2020] In radare2 before version 4.5.0, malformed PDB file names in the PDB server path cause shell injection. To trigger the problem it's required to open the executable in radare2 and run idpd to trigger the download. The shell code will execute, and will create a file called pwned in the current directory.

CatPkg:


dev-util/radare2

KitBranch:


dev-kit/1.4-release

labels:


security

AffectsVersions:


3.5.1

Facts:


https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 https://github.com/radareorg/radare2/issues/16945 https://github.com/radareorg/radare2/pull/16966 https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWC7KNBETYE5MK6VIUU26LUIISIFGSBZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YE77P5RSE2T7JHEKMWF2ARTSJGMPXCFY/



Summary:


CVE-2020-14001: dev-ruby/kramdown-1.17.0

Scores:


Impact: 6.44 Ability to Exploit: 10.00

Description:


[07/17/2020] The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.

CatPkg:


dev-ruby/kramdown

KitBranch:


ruby-kit/2.6-prime

labels:


security

AffectsVersions:


1.17.0

Facts:


https://github.com/gettalong/kramdown https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0 https://kramdown.gettalong.org https://kramdown.gettalong.org/news.html https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2@%3Cnotifications.fluo.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html https://rubygems.org/gems/kramdown https://security.netapp.com/advisory/ntap-20200731-0004/



Summary:


CVE-2020-15586: dev-lang/go-1.12.17

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

CatPkg:


dev-lang/go

KitBranch:


lang-kit/1.4-release

labels:


security

AffectsVersions:


1.12.17

Facts:


http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html https://groups.google.com/forum/#!topic/golang-announce/f2c5bqrGH_g https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCR6LAKCVKL55KJQPPBBWVQGOP7RL2RW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIRVUHD7TJIT7JJ33FKHIVTHPYABYPHR/ https://security.netapp.com/advisory/ntap-20200731-0005/ https://www.cloudfoundry.org/blog/cve-2020-15586/



Summary:


CVE-2020-14039: dev-lang/go-1.12.17

Scores:


Impact: 2.86 Ability to Exploit: 10.00

Description:


[07/17/2020] In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.

CatPkg:


dev-lang/go

KitBranch:


lang-kit/1.4-release

labels:


security

AffectsVersions:


1.12.17

Facts:


http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00082.html https://groups.google.com/forum/#!forum/golang-announce https://groups.google.com/forum/#!topic/golang-announce/XZNfaiwgt2w https://security.netapp.com/advisory/ntap-20200731-0005/



Summary:


CVE-2020-15803: net-analyzer/zabbix-2.2.16

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


2.2.16

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-2.2.16

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


2.2.16

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-2.2.21

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


2.2.21

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-2.2.21

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


2.2.21

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-2.2.21

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


2.2.21

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-2.2.23

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


2.2.23

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-2.2.23

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


2.2.23

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-3.0.26

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


3.0.26

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-3.0.26

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


3.0.26

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-4.0.6

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


4.0.6

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-4.0.6

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


4.0.6

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-4.0.6

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


4.0.6

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-4.0.7

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


4.0.7

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-4.0.7

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


4.0.7

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15803: net-analyzer/zabbix-4.0.9

Scores:


Impact: 2.86 Ability to Exploit: 8.59

Description:


[07/17/2020] Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

CatPkg:


net-analyzer/zabbix

KitBranch:


net-kit/1.4-release

labels:


security

AffectsVersions:


4.0.9

Facts:


https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057



Summary:


CVE-2020-15117: x11-misc/synergy-1.9.1

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB.

CatPkg:


x11-misc/synergy

KitBranch:


desktop-kit/1.4-release

labels:


security

AffectsVersions:


1.9.1

Facts:


https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39 https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp



Summary:


CVE-2020-14702: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14651: dev-db/mysql-5.5.61

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14663: dev-db/mysql-5.5.61

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14624: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14697: dev-db/mysql-5.5.61

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14643: dev-db/mysql-5.5.61

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14656: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14623: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14680: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14631: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14654: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14620: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14678: dev-db/mysql-5.5.61

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14619: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14597: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14576: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14575: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14614: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14591: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14568: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14586: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14567: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14559: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14553: dev-db/mysql-5.5.61

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.61

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14702: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14651: dev-db/mysql-5.5.62

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14663: dev-db/mysql-5.5.62

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14624: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14697: dev-db/mysql-5.5.62

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14643: dev-db/mysql-5.5.62

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14656: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14623: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14631: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14680: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14654: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14620: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14678: dev-db/mysql-5.5.62

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14619: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14597: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14576: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14575: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14614: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14591: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14568: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14586: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14567: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14559: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14553: dev-db/mysql-5.5.62

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.5.62

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14702: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14651: dev-db/mysql-5.6.42

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14663: dev-db/mysql-5.6.42

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14624: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14697: dev-db/mysql-5.6.42

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14643: dev-db/mysql-5.6.42

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14656: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14623: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14631: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14680: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14654: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14620: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14678: dev-db/mysql-5.6.42

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14619: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14597: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14576: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14614: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14575: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14591: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14568: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14586: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14567: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14559: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14553: dev-db/mysql-5.6.42

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.42

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14702: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14651: dev-db/mysql-5.6.43

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14663: dev-db/mysql-5.6.43

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14624: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14697: dev-db/mysql-5.6.43

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14643: dev-db/mysql-5.6.43

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14656: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14623: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14631: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14680: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14654: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14620: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14678: dev-db/mysql-5.6.43

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14619: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14597: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14576: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14575: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14614: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14591: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14568: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14586: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14567: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14559: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14553: dev-db/mysql-5.6.43

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.43

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14702: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14651: dev-db/mysql-5.6.44

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14663: dev-db/mysql-5.6.44

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14624: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14697: dev-db/mysql-5.6.44

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14643: dev-db/mysql-5.6.44

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14656: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14623: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14631: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14680: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14654: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14620: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14678: dev-db/mysql-5.6.44

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14619: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14597: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14576: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14575: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14614: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14591: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14568: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14586: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14567: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14559: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14553: dev-db/mysql-5.6.44

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.6.44

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14702: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14651: dev-db/mysql-5.7.24

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14663: dev-db/mysql-5.7.24

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14624: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14697: dev-db/mysql-5.7.24

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14643: dev-db/mysql-5.7.24

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14656: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14623: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14631: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14680: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14654: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14620: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14678: dev-db/mysql-5.7.24

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14619: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14597: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14576: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14575: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14614: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14591: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14568: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14586: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14567: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14559: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14553: dev-db/mysql-5.7.24

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.24

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14702: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14651: dev-db/mysql-5.7.25

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14663: dev-db/mysql-5.7.25

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14624: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14697: dev-db/mysql-5.7.25

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14643: dev-db/mysql-5.7.25

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14656: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14623: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14631: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14680: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14654: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14620: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14678: dev-db/mysql-5.7.25

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14619: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14597: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14576: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14575: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14614: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14591: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14568: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14586: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14567: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14559: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14553: dev-db/mysql-5.7.25

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.25

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14702: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14651: dev-db/mysql-5.7.26

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14663: dev-db/mysql-5.7.26

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14624: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14697: dev-db/mysql-5.7.26

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14643: dev-db/mysql-5.7.26

Scores:


Impact: 4.94 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14656: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14623: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14680: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14631: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14654: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14620: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14678: dev-db/mysql-5.7.26

Scores:


Impact: 6.44 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14619: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14597: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14576: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14575: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14614: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14591: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14568: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14586: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14567: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14559: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-14553: dev-db/mysql-5.7.26

Scores:


Impact: 2.86 Ability to Exploit: _

Description:


[07/15/2020] Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

CatPkg:


dev-db/mysql

KitBranch:


core-server-kit/1.4-release

labels:


security

AffectsVersions:


5.7.26

Facts:


https://security.netapp.com/advisory/ntap-20200717-0004/ https://usn.ubuntu.com/4441-1/ https://www.oracle.com/security-alerts/cpujul2020.html



Summary:


CVE-2020-15890: dev-lang/luajit-2.0.2

Scores:


Impact: 2.86 Ability to Exploit: 10.00

Description:


[07/21/2020] LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.

CatPkg:


dev-lang/luajit

KitBranch:


lang-kit/1.4-release

labels:


security

AffectsVersions:


2.0.2

Facts:


https://github.com/LuaJIT/LuaJIT/issues/601 https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html



Summary:


CVE-2020-15890: dev-lang/luajit-2.0.3

Scores:


Impact: 2.86 Ability to Exploit: 10.00

Description:


[07/21/2020] LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.

CatPkg:


dev-lang/luajit

KitBranch:


lang-kit/1.4-release

labels:


security

AffectsVersions:


2.0.3

Facts:


https://github.com/LuaJIT/LuaJIT/issues/601 https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html



Summary:


CVE-2020-15890: dev-lang/luajit-2.0.4

Scores:


Impact: 2.86 Ability to Exploit: 10.00

Description:


[07/21/2020] LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.

CatPkg:


dev-lang/luajit

KitBranch:


lang-kit/1.4-release

labels:


security

AffectsVersions:


2.0.4

Facts:


https://github.com/LuaJIT/LuaJIT/issues/601 https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html



Summary:


CVE-2020-15890: dev-lang/luajit-2.0.5

Scores:


Impact: 2.86 Ability to Exploit: 10.00

Description:


[07/21/2020] LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.

CatPkg:


dev-lang/luajit

KitBranch:


lang-kit/1.4-release

labels:


security

AffectsVersions:


2.0.5

Facts:


https://github.com/LuaJIT/LuaJIT/issues/601 https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html