wid-sec-w-2025-0167
Vulnerability from csaf_certbund
Published
2025-01-21 23:00
Modified
2025-06-10 22:00
Summary
Oracle MySQL: Multiple Vulnerabilities
Notes
As provider, the BSI is responsible under general law for its own content made available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
MySQL is an open source database server from Oracle.
Attack
A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Oracle MySQL to compromise confidentiality, integrity and availability.
Affected operating systems
- Linux
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "MySQL ist ein Open Source Datenbankserver von Oracle.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2025-0167 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0167.json" }, { "category": "self", "summary": "WID-SEC-2025-0167 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0167" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - January 2025 - Appendix Oracle MySQL vom 2025-01-21", "url": "https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20250124-0011 vom 2025-01-24", "url": "https://security.netapp.com/advisory/ntap-20250124-0011/" }, { 
"category": "external", "summary": "Ubuntu Security Notice USN-7245-1 vom 2025-01-30", "url": "https://ubuntu.com/security/notices/USN-7245-1" }, { "category": "external", "summary": "MariaDB 10.11.11 Release Notes vom 2025-02-05", "url": "https://mariadb.com/kb/en/mdb-101111-rn/" }, { "category": "external", "summary": "MariaDB 10.5.28 Release Notes vom 2025-02-05", "url": "https://mariadb.com/kb/en/mdb-10-5-28-rn/" }, { "category": "external", "summary": "MariaDB 10.6.21 Release Notes vom 2025-02-05", "url": "https://mariadb.com/kb/en/mdb-10621-rn/" }, { "category": "external", "summary": "MariaDB 11.7.2 Release Notes vom 2025-02-13", "url": "https://mariadb.com/kb/en/mariadb-11-7-2-release-notes/" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:1671 vom 2025-02-19", "url": "https://access.redhat.com/errata/RHSA-2025:1671" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:1673 vom 2025-02-19", "url": "https://access.redhat.com/errata/RHSA-2025:1673" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-1673 vom 2025-02-21", "url": "https://linux.oracle.com/errata/ELSA-2025-1673.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2025-1671 vom 2025-02-21", "url": "https://linux.oracle.com/errata/ELSA-2025-1671.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:1755 vom 2025-02-24", "url": "https://access.redhat.com/errata/RHSA-2025:1755" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:1756 vom 2025-02-24", "url": "https://access.redhat.com/errata/RHSA-2025:1756" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:1757 vom 2025-02-24", "url": "https://access.redhat.com/errata/RHSA-2025:1757" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:1766 vom 2025-02-24", "url": "https://access.redhat.com/errata/RHSA-2025:1766" }, { "category": 
"external", "summary": "Red Hat Security Advisory RHSA-2025:1767 vom 2025-02-24", "url": "https://access.redhat.com/errata/RHSA-2025:1767" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2025:1673 vom 2025-02-26", "url": "https://errata.build.resf.org/RLSA-2025:1673" }, { "category": "external", "summary": "Debian Security Advisory DLA-4074 vom 2025-03-01", "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00000.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:2882 vom 2025-03-17", "url": "https://access.redhat.com/errata/RHSA-2025:2882" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2025:2883 vom 2025-03-17", "url": "https://access.redhat.com/errata/RHSA-2025:2883" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7376-1 vom 2025-03-27", "url": "https://ubuntu.com/security/notices/USN-7376-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-7376-2 vom 2025-03-31", "url": "https://ubuntu.com/security/notices/USN-7376-2" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2025:01716-1 vom 2025-05-28", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/ZD7OICEDCJBRPYYAQ46SMEOBTYRJAAWL/" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20250131-0004 vom 2025-06-11", "url": "https://security.netapp.com/advisory/NTAP-20250131-0004" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20250124-0013 vom 2025-06-11", "url": "https://security.netapp.com/advisory/NTAP-20250124-0013" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20250124-0010 vom 2025-06-11", "url": "https://security.netapp.com/advisory/NTAP-20250124-0010" } ], "source_lang": "en-US", "title": "Oracle MySQL: Mehrere Schwachstellen", "tracking": { "current_release_date": "2025-06-10T22:00:00.000+00:00", "generator": { "date": 
"2025-06-11T06:27:53.232+00:00", "engine": { "name": "BSI-WID", "version": "1.3.12" } }, "id": "WID-SEC-W-2025-0167", "initial_release_date": "2025-01-21T23:00:00.000+00:00", "revision_history": [ { "date": "2025-01-21T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2025-01-26T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von NetApp aufgenommen" }, { "date": "2025-01-30T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-02-04T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates aufgenommen" }, { "date": "2025-02-12T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates aufgenommen" }, { "date": "2025-02-18T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-02-23T23:00:00.000+00:00", "number": "7", "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen" }, { "date": "2025-02-24T23:00:00.000+00:00", "number": "8", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-02-26T23:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen" }, { "date": "2025-03-02T23:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2025-03-16T23:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2025-03-26T23:00:00.000+00:00", "number": "12", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-03-31T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2025-05-29T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2025-06-10T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von NetApp aufgenommen" } ], "status": "final", "version": "15" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian 
Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c10.11.11", "product": { "name": "MariaDB MariaDB \u003c10.11.11", "product_id": "T040788" } }, { "category": "product_version", "name": "10.11.11", "product": { "name": "MariaDB MariaDB 10.11.11", "product_id": "T040788-fixed", "product_identification_helper": { "cpe": "cpe:/a:mariadb:mariadb:10.11.11" } } }, { "category": "product_version_range", "name": "\u003c10.5.28", "product": { "name": "MariaDB MariaDB \u003c10.5.28", "product_id": "T040789" } }, { "category": "product_version", "name": "10.5.28", "product": { "name": "MariaDB MariaDB 10.5.28", "product_id": "T040789-fixed", "product_identification_helper": { "cpe": "cpe:/a:mariadb:mariadb:10.5.28" } } }, { "category": "product_version_range", "name": "\u003c10.6.21", "product": { "name": "MariaDB MariaDB \u003c10.6.21", "product_id": "T040790" } }, { "category": "product_version", "name": "10.6.21", "product": { "name": "MariaDB MariaDB 10.6.21", "product_id": "T040790-fixed", "product_identification_helper": { "cpe": "cpe:/a:mariadb:mariadb:10.6.21" } } }, { "category": "product_version_range", "name": "\u003c11.7.2", "product": { "name": "MariaDB MariaDB \u003c11.7.2", "product_id": "T041151" } }, { "category": "product_version", "name": "11.7.2", "product": { "name": "MariaDB MariaDB 11.7.2", "product_id": "T041151-fixed", "product_identification_helper": { "cpe": "cpe:/a:mariadb:mariadb:11.7.2" } } } ], "category": "product_name", "name": "MariaDB" } ], "category": "vendor", "name": "MariaDB" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "for VMware vSphere", "product": { "name": "NetApp ActiveIQ Unified Manager for VMware vSphere", "product_id": "T025152", "product_identification_helper": { "cpe": 
"cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere" } } }, { "category": "product_version", "name": "for Microsoft Windows", "product": { "name": "NetApp ActiveIQ Unified Manager for Microsoft Windows", "product_id": "T025631", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows" } } }, { "category": "product_name", "name": "NetApp ActiveIQ Unified Manager", "product": { "name": "NetApp ActiveIQ Unified Manager", "product_id": "T037607", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:-" } } } ], "category": "product_name", "name": "ActiveIQ Unified Manager" } ], "category": "vendor", "name": "NetApp" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } }, { "branches": [ { "category": "product_version", "name": "8.4.0", "product": { "name": "Oracle MySQL 8.4.0", "product_id": "1640751", "product_identification_helper": { "cpe": "cpe:/a:oracle:mysql:8.4.0" } } }, { "category": "product_version_range", "name": "\u003c=8.0.39", "product": { "name": "Oracle MySQL \u003c=8.0.39", "product_id": "1672258" } }, { "category": "product_version_range", "name": "\u003c=8.0.39", "product": { "name": "Oracle MySQL \u003c=8.0.39", "product_id": "1672258-fixed" } }, { "category": "product_version_range", "name": "\u003c=8.4.2", "product": { "name": "Oracle MySQL \u003c=8.4.2", "product_id": "1672259" } }, { "category": "product_version_range", "name": "\u003c=8.4.2", "product": { "name": "Oracle MySQL \u003c=8.4.2", "product_id": "1672259-fixed" } }, { "category": "product_version_range", "name": "\u003c=9.0.1", "product": { "name": "Oracle MySQL \u003c=9.0.1", "product_id": "1672261" } }, { "category": "product_version_range", "name": "\u003c=9.0.1", "product": { "name": "Oracle MySQL \u003c=9.0.1", "product_id": "1672261-fixed" } }, 
{ "category": "product_version_range", "name": "\u003c=8.0.36", "product": { "name": "Oracle MySQL \u003c=8.0.36", "product_id": "1673314" } }, { "category": "product_version_range", "name": "\u003c=8.0.36", "product": { "name": "Oracle MySQL \u003c=8.0.36", "product_id": "1673314-fixed" } }, { "category": "product_version_range", "name": "\u003c=8.0.40", "product": { "name": "Oracle MySQL \u003c=8.0.40", "product_id": "T040476" } }, { "category": "product_version_range", "name": "\u003c=8.0.40", "product": { "name": "Oracle MySQL \u003c=8.0.40", "product_id": "T040476-fixed" } }, { "category": "product_version_range", "name": "\u003c=8.4.3", "product": { "name": "Oracle MySQL \u003c=8.4.3", "product_id": "T040477" } }, { "category": "product_version_range", "name": "\u003c=8.4.3", "product": { "name": "Oracle MySQL \u003c=8.4.3", "product_id": "T040477-fixed" } }, { "category": "product_version_range", "name": "\u003c=9.1.0", "product": { "name": "Oracle MySQL \u003c=9.1.0", "product_id": "T040478" } }, { "category": "product_version_range", "name": "\u003c=9.1.0", "product": { "name": "Oracle MySQL \u003c=9.1.0", "product_id": "T040478-fixed" } }, { "category": "product_version_range", "name": "\u003c=7.6.32", "product": { "name": "Oracle MySQL \u003c=7.6.32", "product_id": "T040479" } }, { "category": "product_version_range", "name": "\u003c=7.6.32", "product": { "name": "Oracle MySQL \u003c=7.6.32", "product_id": "T040479-fixed" } } ], "category": "product_name", "name": "MySQL" } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "RESF Rocky Linux", "product": { "name": "RESF Rocky Linux", "product_id": "T032255", "product_identification_helper": { "cpe": "cpe:/o:resf:rocky_linux:-" } } } ], "category": "vendor", "name": "RESF" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", 
"product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-11053", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2024-11053" }, { "cve": "CVE-2024-37371", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2024-37371" }, { "cve": "CVE-2025-21490", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21490" }, { "cve": "CVE-2025-21491", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", 
"T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21491" }, { "cve": "CVE-2025-21492", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21492" }, { "cve": "CVE-2025-21493", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21493" }, { "cve": "CVE-2025-21494", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21494" }, { "cve": "CVE-2025-21495", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21495" }, { "cve": "CVE-2025-21497", "product_status": { "known_affected": [ "T037607", 
"T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21497" }, { "cve": "CVE-2025-21499", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21499" }, { "cve": "CVE-2025-21500", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21500" }, { "cve": "CVE-2025-21501", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21501" }, { "cve": "CVE-2025-21503", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21503" }, { "cve": "CVE-2025-21504", 
"product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21504" }, { "cve": "CVE-2025-21505", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21505" }, { "cve": "CVE-2025-21518", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21518" }, { "cve": "CVE-2025-21519", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21519" }, { "cve": "CVE-2025-21520", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": 
"CVE-2025-21520" }, { "cve": "CVE-2025-21521", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21521" }, { "cve": "CVE-2025-21522", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21522" }, { "cve": "CVE-2025-21523", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21523" }, { "cve": "CVE-2025-21525", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21525" }, { "cve": "CVE-2025-21529", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": 
"2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21529" }, { "cve": "CVE-2025-21531", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21531" }, { "cve": "CVE-2025-21534", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21534" }, { "cve": "CVE-2025-21536", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21536" }, { "cve": "CVE-2025-21540", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21540" }, { "cve": "CVE-2025-21543", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", 
"T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21543" }, { "cve": "CVE-2025-21546", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21546" }, { "cve": "CVE-2025-21548", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21548" }, { "cve": "CVE-2025-21555", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21555" }, { "cve": "CVE-2025-21559", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21559" }, { "cve": "CVE-2025-21566", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", 
"1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21566" }, { "cve": "CVE-2025-21567", "product_status": { "known_affected": [ "T037607", "T025152", "67646", "T040789", "T004914", "T032255", "T040790", "T041151", "2951", "T002207", "T000126", "T025631", "1640751", "T040788" ], "last_affected": [ "1672258", "1673314", "1672259", "1672261", "T040479", "T040478", "T040477", "T040476" ] }, "release_date": "2025-01-21T23:00:00.000+00:00", "title": "CVE-2025-21567" } ] }
CVE-2025-21500 (GCVE-0-2025-21500)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-23 16:34
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | Version: * < Version: * < Version: * < cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21500", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:33:46.503284Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:34:35.940Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:55.678Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21500", "datePublished": "2025-01-21T20:52:55.678Z", "dateReserved": "2024-12-24T23:18:54.762Z", "dateUpdated": "2025-01-23T16:34:35.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21523 (GCVE-0-2025-21523)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-31 20:39
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | Affected: 8.0.40 and prior, 8.4.3 and prior, 9.1.0 and prior. CPEs: `cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*`, `cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*`, `cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*`
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21523", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T14:37:31.266174Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-31T20:39:56.802Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:05.511Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21523", "datePublished": "2025-01-21T20:53:05.511Z", "dateReserved": "2024-12-24T23:18:54.767Z", "dateUpdated": "2025-01-31T20:39:56.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-11053 (GCVE-0-2024-11053)
Vulnerability from cvelistv5
Published
2024-12-11 07:34
Modified
2025-01-31 15:02
Summary
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.

This flaw only manifests itself if the netrc file has an entry that matches
the redirect target hostname but the entry either omits just the password or
omits both login and password.
Impacted products
Vendor | Product | Version
---|---|---
curl | curl |
Version: 8.11.0 ≤ 8.11.0 Version: 8.10.1 ≤ 8.10.1 Version: 8.10.0 ≤ 8.10.0 Version: 8.9.1 ≤ 8.9.1 Version: 8.9.0 ≤ 8.9.0 Version: 8.8.0 ≤ 8.8.0 Version: 8.7.1 ≤ 8.7.1 Version: 8.7.0 ≤ 8.7.0 Version: 8.6.0 ≤ 8.6.0 Version: 8.5.0 ≤ 8.5.0 Version: 8.4.0 ≤ 8.4.0 Version: 8.3.0 ≤ 8.3.0 Version: 8.2.1 ≤ 8.2.1 Version: 8.2.0 ≤ 8.2.0 Version: 8.1.2 ≤ 8.1.2 Version: 8.1.1 ≤ 8.1.1 Version: 8.1.0 ≤ 8.1.0 Version: 8.0.1 ≤ 8.0.1 Version: 8.0.0 ≤ 8.0.0 Version: 7.88.1 ≤ 7.88.1 Version: 7.88.0 ≤ 7.88.0 Version: 7.87.0 ≤ 7.87.0 Version: 7.86.0 ≤ 7.86.0 Version: 7.85.0 ≤ 7.85.0 Version: 7.84.0 ≤ 7.84.0 Version: 7.83.1 ≤ 7.83.1 Version: 7.83.0 ≤ 7.83.0 Version: 7.82.0 ≤ 7.82.0 Version: 7.81.0 ≤ 7.81.0 Version: 7.80.0 ≤ 7.80.0 Version: 7.79.1 ≤ 7.79.1 Version: 7.79.0 ≤ 7.79.0 Version: 7.78.0 ≤ 7.78.0 Version: 7.77.0 ≤ 7.77.0 Version: 7.76.1 ≤ 7.76.1 Version: 7.76.0 ≤ 7.76.0 Version: 7.75.0 ≤ 7.75.0 Version: 7.74.0 ≤ 7.74.0 Version: 7.73.0 ≤ 7.73.0 Version: 7.72.0 ≤ 7.72.0 Version: 7.71.1 ≤ 7.71.1 Version: 7.71.0 ≤ 7.71.0 Version: 7.70.0 ≤ 7.70.0 Version: 7.69.1 ≤ 7.69.1 Version: 7.69.0 ≤ 7.69.0 Version: 7.68.0 ≤ 7.68.0 Version: 7.67.0 ≤ 7.67.0 Version: 7.66.0 ≤ 7.66.0 Version: 7.65.3 ≤ 7.65.3 Version: 7.65.2 ≤ 7.65.2 Version: 7.65.1 ≤ 7.65.1 Version: 7.65.0 ≤ 7.65.0 Version: 7.64.1 ≤ 7.64.1 Version: 7.64.0 ≤ 7.64.0 Version: 7.63.0 ≤ 7.63.0 Version: 7.62.0 ≤ 7.62.0 Version: 7.61.1 ≤ 7.61.1 Version: 7.61.0 ≤ 7.61.0 Version: 7.60.0 ≤ 7.60.0 Version: 7.59.0 ≤ 7.59.0 Version: 7.58.0 ≤ 7.58.0 Version: 7.57.0 ≤ 7.57.0 Version: 7.56.1 ≤ 7.56.1 Version: 7.56.0 ≤ 7.56.0 Version: 7.55.1 ≤ 7.55.1 Version: 7.55.0 ≤ 7.55.0 Version: 7.54.1 ≤ 7.54.1 Version: 7.54.0 ≤ 7.54.0 Version: 7.53.1 ≤ 7.53.1 Version: 7.53.0 ≤ 7.53.0 Version: 7.52.1 ≤ 7.52.1 Version: 7.52.0 ≤ 7.52.0 Version: 7.51.0 ≤ 7.51.0 Version: 7.50.3 ≤ 7.50.3 Version: 7.50.2 ≤ 7.50.2 Version: 7.50.1 ≤ 7.50.1 Version: 7.50.0 ≤ 7.50.0 Version: 7.49.1 ≤ 7.49.1 Version: 7.49.0 ≤ 7.49.0 Version: 7.48.0 ≤ 7.48.0 Version: 7.47.1 ≤ 7.47.1 
Version: 7.47.0 ≤ 7.47.0 Version: 7.46.0 ≤ 7.46.0 Version: 7.45.0 ≤ 7.45.0 Version: 7.44.0 ≤ 7.44.0 Version: 7.43.0 ≤ 7.43.0 Version: 7.42.1 ≤ 7.42.1 Version: 7.42.0 ≤ 7.42.0 Version: 7.41.0 ≤ 7.41.0 Version: 7.40.0 ≤ 7.40.0 Version: 7.39.0 ≤ 7.39.0 Version: 7.38.0 ≤ 7.38.0 Version: 7.37.1 ≤ 7.37.1 Version: 7.37.0 ≤ 7.37.0 Version: 7.36.0 ≤ 7.36.0 Version: 7.35.0 ≤ 7.35.0 Version: 7.34.0 ≤ 7.34.0 Version: 7.33.0 ≤ 7.33.0 Version: 7.32.0 ≤ 7.32.0 Version: 7.31.0 ≤ 7.31.0 Version: 7.30.0 ≤ 7.30.0 Version: 7.29.0 ≤ 7.29.0 Version: 7.28.1 ≤ 7.28.1 Version: 7.28.0 ≤ 7.28.0 Version: 7.27.0 ≤ 7.27.0 Version: 7.26.0 ≤ 7.26.0 Version: 7.25.0 ≤ 7.25.0 Version: 7.24.0 ≤ 7.24.0 Version: 7.23.1 ≤ 7.23.1 Version: 7.23.0 ≤ 7.23.0 Version: 7.22.0 ≤ 7.22.0 Version: 7.21.7 ≤ 7.21.7 Version: 7.21.6 ≤ 7.21.6 Version: 7.21.5 ≤ 7.21.5 Version: 7.21.4 ≤ 7.21.4 Version: 7.21.3 ≤ 7.21.3 Version: 7.21.2 ≤ 7.21.2 Version: 7.21.1 ≤ 7.21.1 Version: 7.21.0 ≤ 7.21.0 Version: 7.20.1 ≤ 7.20.1 Version: 7.20.0 ≤ 7.20.0 Version: 7.19.7 ≤ 7.19.7 Version: 7.19.6 ≤ 7.19.6 Version: 7.19.5 ≤ 7.19.5 Version: 7.19.4 ≤ 7.19.4 Version: 7.19.3 ≤ 7.19.3 Version: 7.19.2 ≤ 7.19.2 Version: 7.19.1 ≤ 7.19.1 Version: 7.19.0 ≤ 7.19.0 Version: 7.18.2 ≤ 7.18.2 Version: 7.18.1 ≤ 7.18.1 Version: 7.18.0 ≤ 7.18.0 Version: 7.17.1 ≤ 7.17.1 Version: 7.17.0 ≤ 7.17.0 Version: 7.16.4 ≤ 7.16.4 Version: 7.16.3 ≤ 7.16.3 Version: 7.16.2 ≤ 7.16.2 Version: 7.16.1 ≤ 7.16.1 Version: 7.16.0 ≤ 7.16.0 Version: 7.15.5 ≤ 7.15.5 Version: 7.15.4 ≤ 7.15.4 Version: 7.15.3 ≤ 7.15.3 Version: 7.15.2 ≤ 7.15.2 Version: 7.15.1 ≤ 7.15.1 Version: 7.15.0 ≤ 7.15.0 Version: 7.14.1 ≤ 7.14.1 Version: 7.14.0 ≤ 7.14.0 Version: 7.13.2 ≤ 7.13.2 Version: 7.13.1 ≤ 7.13.1 Version: 7.13.0 ≤ 7.13.0 Version: 7.12.3 ≤ 7.12.3 Version: 7.12.2 ≤ 7.12.2 Version: 7.12.1 ≤ 7.12.1 Version: 7.12.0 ≤ 7.12.0 Version: 7.11.2 ≤ 7.11.2 Version: 7.11.1 ≤ 7.11.1 Version: 7.11.0 ≤ 7.11.0 Version: 7.10.8 ≤ 7.10.8 Version: 7.10.7 ≤ 7.10.7 Version: 7.10.6 ≤ 7.10.6 Version: 7.10.5 ≤ 7.10.5 
Version: 7.10.4 ≤ 7.10.4 Version: 7.10.3 ≤ 7.10.3 Version: 7.10.2 ≤ 7.10.2 Version: 7.10.1 ≤ 7.10.1 Version: 7.10 ≤ 7.10 Version: 7.9.8 ≤ 7.9.8 Version: 7.9.7 ≤ 7.9.7 Version: 7.9.6 ≤ 7.9.6 Version: 7.9.5 ≤ 7.9.5 Version: 7.9.4 ≤ 7.9.4 Version: 7.9.3 ≤ 7.9.3 Version: 7.9.2 ≤ 7.9.2 Version: 7.9.1 ≤ 7.9.1 Version: 7.9 ≤ 7.9 Version: 7.8.1 ≤ 7.8.1 Version: 7.8 ≤ 7.8 Version: 7.7.3 ≤ 7.7.3 Version: 7.7.2 ≤ 7.7.2 Version: 7.7.1 ≤ 7.7.1 Version: 7.7 ≤ 7.7 Version: 7.6.1 ≤ 7.6.1 Version: 7.6 ≤ 7.6 Version: 7.5.2 ≤ 7.5.2 Version: 7.5.1 ≤ 7.5.1 Version: 7.5 ≤ 7.5 Version: 7.4.2 ≤ 7.4.2 Version: 7.4.1 ≤ 7.4.1 Version: 7.4 ≤ 7.4 Version: 7.3 ≤ 7.3 Version: 7.2.1 ≤ 7.2.1 Version: 7.2 ≤ 7.2 Version: 7.1.1 ≤ 7.1.1 Version: 7.1 ≤ 7.1 Version: 6.5.2 ≤ 6.5.2 Version: 6.5.1 ≤ 6.5.1 Version: 6.5 ≤ 6.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-01-31T15:02:42.742Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/12/11/1" }, { "url": "https://security.netapp.com/advisory/ntap-20250124-0012/" }, { "url": "https://security.netapp.com/advisory/ntap-20250131-0003/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-11053", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-15T16:47:42.738403Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-15T16:50:59.398Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "curl", "vendor": "curl", "versions": [ { "lessThanOrEqual": "8.11.0", "status": "affected", "version": "8.11.0", "versionType": "semver" }, { "lessThanOrEqual": "8.10.1", "status": "affected", "version": "8.10.1", "versionType": "semver" }, { "lessThanOrEqual": "8.10.0", "status": "affected", "version": "8.10.0", "versionType": "semver" }, { "lessThanOrEqual": "8.9.1", "status": "affected", "version": "8.9.1", "versionType": "semver" }, { "lessThanOrEqual": "8.9.0", "status": "affected", "version": "8.9.0", "versionType": "semver" }, { "lessThanOrEqual": "8.8.0", "status": "affected", "version": "8.8.0", "versionType": "semver" }, { "lessThanOrEqual": "8.7.1", 
"status": "affected", "version": "8.7.1", "versionType": "semver" }, { "lessThanOrEqual": "8.7.0", "status": "affected", "version": "8.7.0", "versionType": "semver" }, { "lessThanOrEqual": "8.6.0", "status": "affected", "version": "8.6.0", "versionType": "semver" }, { "lessThanOrEqual": "8.5.0", "status": "affected", "version": "8.5.0", "versionType": "semver" }, { "lessThanOrEqual": "8.4.0", "status": "affected", "version": "8.4.0", "versionType": "semver" }, { "lessThanOrEqual": "8.3.0", "status": "affected", "version": "8.3.0", "versionType": "semver" }, { "lessThanOrEqual": "8.2.1", "status": "affected", "version": "8.2.1", "versionType": "semver" }, { "lessThanOrEqual": "8.2.0", "status": "affected", "version": "8.2.0", "versionType": "semver" }, { "lessThanOrEqual": "8.1.2", "status": "affected", "version": "8.1.2", "versionType": "semver" }, { "lessThanOrEqual": "8.1.1", "status": "affected", "version": "8.1.1", "versionType": "semver" }, { "lessThanOrEqual": "8.1.0", "status": "affected", "version": "8.1.0", "versionType": "semver" }, { "lessThanOrEqual": "8.0.1", "status": "affected", "version": "8.0.1", "versionType": "semver" }, { "lessThanOrEqual": "8.0.0", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThanOrEqual": "7.88.1", "status": "affected", "version": "7.88.1", "versionType": "semver" }, { "lessThanOrEqual": "7.88.0", "status": "affected", "version": "7.88.0", "versionType": "semver" }, { "lessThanOrEqual": "7.87.0", "status": "affected", "version": "7.87.0", "versionType": "semver" }, { "lessThanOrEqual": "7.86.0", "status": "affected", "version": "7.86.0", "versionType": "semver" }, { "lessThanOrEqual": "7.85.0", "status": "affected", "version": "7.85.0", "versionType": "semver" }, { "lessThanOrEqual": "7.84.0", "status": "affected", "version": "7.84.0", "versionType": "semver" }, { "lessThanOrEqual": "7.83.1", "status": "affected", "version": "7.83.1", "versionType": "semver" }, { "lessThanOrEqual": "7.83.0", 
"status": "affected", "version": "7.83.0", "versionType": "semver" }, { "lessThanOrEqual": "7.82.0", "status": "affected", "version": "7.82.0", "versionType": "semver" }, { "lessThanOrEqual": "7.81.0", "status": "affected", "version": "7.81.0", "versionType": "semver" }, { "lessThanOrEqual": "7.80.0", "status": "affected", "version": "7.80.0", "versionType": "semver" }, { "lessThanOrEqual": "7.79.1", "status": "affected", "version": "7.79.1", "versionType": "semver" }, { "lessThanOrEqual": "7.79.0", "status": "affected", "version": "7.79.0", "versionType": "semver" }, { "lessThanOrEqual": "7.78.0", "status": "affected", "version": "7.78.0", "versionType": "semver" }, { "lessThanOrEqual": "7.77.0", "status": "affected", "version": "7.77.0", "versionType": "semver" }, { "lessThanOrEqual": "7.76.1", "status": "affected", "version": "7.76.1", "versionType": "semver" }, { "lessThanOrEqual": "7.76.0", "status": "affected", "version": "7.76.0", "versionType": "semver" }, { "lessThanOrEqual": "7.75.0", "status": "affected", "version": "7.75.0", "versionType": "semver" }, { "lessThanOrEqual": "7.74.0", "status": "affected", "version": "7.74.0", "versionType": "semver" }, { "lessThanOrEqual": "7.73.0", "status": "affected", "version": "7.73.0", "versionType": "semver" }, { "lessThanOrEqual": "7.72.0", "status": "affected", "version": "7.72.0", "versionType": "semver" }, { "lessThanOrEqual": "7.71.1", "status": "affected", "version": "7.71.1", "versionType": "semver" }, { "lessThanOrEqual": "7.71.0", "status": "affected", "version": "7.71.0", "versionType": "semver" }, { "lessThanOrEqual": "7.70.0", "status": "affected", "version": "7.70.0", "versionType": "semver" }, { "lessThanOrEqual": "7.69.1", "status": "affected", "version": "7.69.1", "versionType": "semver" }, { "lessThanOrEqual": "7.69.0", "status": "affected", "version": "7.69.0", "versionType": "semver" }, { "lessThanOrEqual": "7.68.0", "status": "affected", "version": "7.68.0", "versionType": "semver" }, { 
"lessThanOrEqual": "7.67.0", "status": "affected", "version": "7.67.0", "versionType": "semver" }, { "lessThanOrEqual": "7.66.0", "status": "affected", "version": "7.66.0", "versionType": "semver" }, { "lessThanOrEqual": "7.65.3", "status": "affected", "version": "7.65.3", "versionType": "semver" }, { "lessThanOrEqual": "7.65.2", "status": "affected", "version": "7.65.2", "versionType": "semver" }, { "lessThanOrEqual": "7.65.1", "status": "affected", "version": "7.65.1", "versionType": "semver" }, { "lessThanOrEqual": "7.65.0", "status": "affected", "version": "7.65.0", "versionType": "semver" }, { "lessThanOrEqual": "7.64.1", "status": "affected", "version": "7.64.1", "versionType": "semver" }, { "lessThanOrEqual": "7.64.0", "status": "affected", "version": "7.64.0", "versionType": "semver" }, { "lessThanOrEqual": "7.63.0", "status": "affected", "version": "7.63.0", "versionType": "semver" }, { "lessThanOrEqual": "7.62.0", "status": "affected", "version": "7.62.0", "versionType": "semver" }, { "lessThanOrEqual": "7.61.1", "status": "affected", "version": "7.61.1", "versionType": "semver" }, { "lessThanOrEqual": "7.61.0", "status": "affected", "version": "7.61.0", "versionType": "semver" }, { "lessThanOrEqual": "7.60.0", "status": "affected", "version": "7.60.0", "versionType": "semver" }, { "lessThanOrEqual": "7.59.0", "status": "affected", "version": "7.59.0", "versionType": "semver" }, { "lessThanOrEqual": "7.58.0", "status": "affected", "version": "7.58.0", "versionType": "semver" }, { "lessThanOrEqual": "7.57.0", "status": "affected", "version": "7.57.0", "versionType": "semver" }, { "lessThanOrEqual": "7.56.1", "status": "affected", "version": "7.56.1", "versionType": "semver" }, { "lessThanOrEqual": "7.56.0", "status": "affected", "version": "7.56.0", "versionType": "semver" }, { "lessThanOrEqual": "7.55.1", "status": "affected", "version": "7.55.1", "versionType": "semver" }, { "lessThanOrEqual": "7.55.0", "status": "affected", "version": "7.55.0", 
"versionType": "semver" }, { "lessThanOrEqual": "7.54.1", "status": "affected", "version": "7.54.1", "versionType": "semver" }, { "lessThanOrEqual": "7.54.0", "status": "affected", "version": "7.54.0", "versionType": "semver" }, { "lessThanOrEqual": "7.53.1", "status": "affected", "version": "7.53.1", "versionType": "semver" }, { "lessThanOrEqual": "7.53.0", "status": "affected", "version": "7.53.0", "versionType": "semver" }, { "lessThanOrEqual": "7.52.1", "status": "affected", "version": "7.52.1", "versionType": "semver" }, { "lessThanOrEqual": "7.52.0", "status": "affected", "version": "7.52.0", "versionType": "semver" }, { "lessThanOrEqual": "7.51.0", "status": "affected", "version": "7.51.0", "versionType": "semver" }, { "lessThanOrEqual": "7.50.3", "status": "affected", "version": "7.50.3", "versionType": "semver" }, { "lessThanOrEqual": "7.50.2", "status": "affected", "version": "7.50.2", "versionType": "semver" }, { "lessThanOrEqual": "7.50.1", "status": "affected", "version": "7.50.1", "versionType": "semver" }, { "lessThanOrEqual": "7.50.0", "status": "affected", "version": "7.50.0", "versionType": "semver" }, { "lessThanOrEqual": "7.49.1", "status": "affected", "version": "7.49.1", "versionType": "semver" }, { "lessThanOrEqual": "7.49.0", "status": "affected", "version": "7.49.0", "versionType": "semver" }, { "lessThanOrEqual": "7.48.0", "status": "affected", "version": "7.48.0", "versionType": "semver" }, { "lessThanOrEqual": "7.47.1", "status": "affected", "version": "7.47.1", "versionType": "semver" }, { "lessThanOrEqual": "7.47.0", "status": "affected", "version": "7.47.0", "versionType": "semver" }, { "lessThanOrEqual": "7.46.0", "status": "affected", "version": "7.46.0", "versionType": "semver" }, { "lessThanOrEqual": "7.45.0", "status": "affected", "version": "7.45.0", "versionType": "semver" }, { "lessThanOrEqual": "7.44.0", "status": "affected", "version": "7.44.0", "versionType": "semver" }, { "lessThanOrEqual": "7.43.0", "status": "affected", 
"version": "7.43.0", "versionType": "semver" }, { "lessThanOrEqual": "7.42.1", "status": "affected", "version": "7.42.1", "versionType": "semver" }, { "lessThanOrEqual": "7.42.0", "status": "affected", "version": "7.42.0", "versionType": "semver" }, { "lessThanOrEqual": "7.41.0", "status": "affected", "version": "7.41.0", "versionType": "semver" }, { "lessThanOrEqual": "7.40.0", "status": "affected", "version": "7.40.0", "versionType": "semver" }, { "lessThanOrEqual": "7.39.0", "status": "affected", "version": "7.39.0", "versionType": "semver" }, { "lessThanOrEqual": "7.38.0", "status": "affected", "version": "7.38.0", "versionType": "semver" }, { "lessThanOrEqual": "7.37.1", "status": "affected", "version": "7.37.1", "versionType": "semver" }, { "lessThanOrEqual": "7.37.0", "status": "affected", "version": "7.37.0", "versionType": "semver" }, { "lessThanOrEqual": "7.36.0", "status": "affected", "version": "7.36.0", "versionType": "semver" }, { "lessThanOrEqual": "7.35.0", "status": "affected", "version": "7.35.0", "versionType": "semver" }, { "lessThanOrEqual": "7.34.0", "status": "affected", "version": "7.34.0", "versionType": "semver" }, { "lessThanOrEqual": "7.33.0", "status": "affected", "version": "7.33.0", "versionType": "semver" }, { "lessThanOrEqual": "7.32.0", "status": "affected", "version": "7.32.0", "versionType": "semver" }, { "lessThanOrEqual": "7.31.0", "status": "affected", "version": "7.31.0", "versionType": "semver" }, { "lessThanOrEqual": "7.30.0", "status": "affected", "version": "7.30.0", "versionType": "semver" }, { "lessThanOrEqual": "7.29.0", "status": "affected", "version": "7.29.0", "versionType": "semver" }, { "lessThanOrEqual": "7.28.1", "status": "affected", "version": "7.28.1", "versionType": "semver" }, { "lessThanOrEqual": "7.28.0", "status": "affected", "version": "7.28.0", "versionType": "semver" }, { "lessThanOrEqual": "7.27.0", "status": "affected", "version": "7.27.0", "versionType": "semver" }, { "lessThanOrEqual": "7.26.0", 
"status": "affected", "version": "7.26.0", "versionType": "semver" }, { "lessThanOrEqual": "7.25.0", "status": "affected", "version": "7.25.0", "versionType": "semver" }, { "lessThanOrEqual": "7.24.0", "status": "affected", "version": "7.24.0", "versionType": "semver" }, { "lessThanOrEqual": "7.23.1", "status": "affected", "version": "7.23.1", "versionType": "semver" }, { "lessThanOrEqual": "7.23.0", "status": "affected", "version": "7.23.0", "versionType": "semver" }, { "lessThanOrEqual": "7.22.0", "status": "affected", "version": "7.22.0", "versionType": "semver" }, { "lessThanOrEqual": "7.21.7", "status": "affected", "version": "7.21.7", "versionType": "semver" }, { "lessThanOrEqual": "7.21.6", "status": "affected", "version": "7.21.6", "versionType": "semver" }, { "lessThanOrEqual": "7.21.5", "status": "affected", "version": "7.21.5", "versionType": "semver" }, { "lessThanOrEqual": "7.21.4", "status": "affected", "version": "7.21.4", "versionType": "semver" }, { "lessThanOrEqual": "7.21.3", "status": "affected", "version": "7.21.3", "versionType": "semver" }, { "lessThanOrEqual": "7.21.2", "status": "affected", "version": "7.21.2", "versionType": "semver" }, { "lessThanOrEqual": "7.21.1", "status": "affected", "version": "7.21.1", "versionType": "semver" }, { "lessThanOrEqual": "7.21.0", "status": "affected", "version": "7.21.0", "versionType": "semver" }, { "lessThanOrEqual": "7.20.1", "status": "affected", "version": "7.20.1", "versionType": "semver" }, { "lessThanOrEqual": "7.20.0", "status": "affected", "version": "7.20.0", "versionType": "semver" }, { "lessThanOrEqual": "7.19.7", "status": "affected", "version": "7.19.7", "versionType": "semver" }, { "lessThanOrEqual": "7.19.6", "status": "affected", "version": "7.19.6", "versionType": "semver" }, { "lessThanOrEqual": "7.19.5", "status": "affected", "version": "7.19.5", "versionType": "semver" }, { "lessThanOrEqual": "7.19.4", "status": "affected", "version": "7.19.4", "versionType": "semver" }, { 
"lessThanOrEqual": "7.19.3", "status": "affected", "version": "7.19.3", "versionType": "semver" }, { "lessThanOrEqual": "7.19.2", "status": "affected", "version": "7.19.2", "versionType": "semver" }, { "lessThanOrEqual": "7.19.1", "status": "affected", "version": "7.19.1", "versionType": "semver" }, { "lessThanOrEqual": "7.19.0", "status": "affected", "version": "7.19.0", "versionType": "semver" }, { "lessThanOrEqual": "7.18.2", "status": "affected", "version": "7.18.2", "versionType": "semver" }, { "lessThanOrEqual": "7.18.1", "status": "affected", "version": "7.18.1", "versionType": "semver" }, { "lessThanOrEqual": "7.18.0", "status": "affected", "version": "7.18.0", "versionType": "semver" }, { "lessThanOrEqual": "7.17.1", "status": "affected", "version": "7.17.1", "versionType": "semver" }, { "lessThanOrEqual": "7.17.0", "status": "affected", "version": "7.17.0", "versionType": "semver" }, { "lessThanOrEqual": "7.16.4", "status": "affected", "version": "7.16.4", "versionType": "semver" }, { "lessThanOrEqual": "7.16.3", "status": "affected", "version": "7.16.3", "versionType": "semver" }, { "lessThanOrEqual": "7.16.2", "status": "affected", "version": "7.16.2", "versionType": "semver" }, { "lessThanOrEqual": "7.16.1", "status": "affected", "version": "7.16.1", "versionType": "semver" }, { "lessThanOrEqual": "7.16.0", "status": "affected", "version": "7.16.0", "versionType": "semver" }, { "lessThanOrEqual": "7.15.5", "status": "affected", "version": "7.15.5", "versionType": "semver" }, { "lessThanOrEqual": "7.15.4", "status": "affected", "version": "7.15.4", "versionType": "semver" }, { "lessThanOrEqual": "7.15.3", "status": "affected", "version": "7.15.3", "versionType": "semver" }, { "lessThanOrEqual": "7.15.2", "status": "affected", "version": "7.15.2", "versionType": "semver" }, { "lessThanOrEqual": "7.15.1", "status": "affected", "version": "7.15.1", "versionType": "semver" }, { "lessThanOrEqual": "7.15.0", "status": "affected", "version": "7.15.0", 
"versionType": "semver" }, { "lessThanOrEqual": "7.14.1", "status": "affected", "version": "7.14.1", "versionType": "semver" }, { "lessThanOrEqual": "7.14.0", "status": "affected", "version": "7.14.0", "versionType": "semver" }, { "lessThanOrEqual": "7.13.2", "status": "affected", "version": "7.13.2", "versionType": "semver" }, { "lessThanOrEqual": "7.13.1", "status": "affected", "version": "7.13.1", "versionType": "semver" }, { "lessThanOrEqual": "7.13.0", "status": "affected", "version": "7.13.0", "versionType": "semver" }, { "lessThanOrEqual": "7.12.3", "status": "affected", "version": "7.12.3", "versionType": "semver" }, { "lessThanOrEqual": "7.12.2", "status": "affected", "version": "7.12.2", "versionType": "semver" }, { "lessThanOrEqual": "7.12.1", "status": "affected", "version": "7.12.1", "versionType": "semver" }, { "lessThanOrEqual": "7.12.0", "status": "affected", "version": "7.12.0", "versionType": "semver" }, { "lessThanOrEqual": "7.11.2", "status": "affected", "version": "7.11.2", "versionType": "semver" }, { "lessThanOrEqual": "7.11.1", "status": "affected", "version": "7.11.1", "versionType": "semver" }, { "lessThanOrEqual": "7.11.0", "status": "affected", "version": "7.11.0", "versionType": "semver" }, { "lessThanOrEqual": "7.10.8", "status": "affected", "version": "7.10.8", "versionType": "semver" }, { "lessThanOrEqual": "7.10.7", "status": "affected", "version": "7.10.7", "versionType": "semver" }, { "lessThanOrEqual": "7.10.6", "status": "affected", "version": "7.10.6", "versionType": "semver" }, { "lessThanOrEqual": "7.10.5", "status": "affected", "version": "7.10.5", "versionType": "semver" }, { "lessThanOrEqual": "7.10.4", "status": "affected", "version": "7.10.4", "versionType": "semver" }, { "lessThanOrEqual": "7.10.3", "status": "affected", "version": "7.10.3", "versionType": "semver" }, { "lessThanOrEqual": "7.10.2", "status": "affected", "version": "7.10.2", "versionType": "semver" }, { "lessThanOrEqual": "7.10.1", "status": "affected", 
"version": "7.10.1", "versionType": "semver" }, { "lessThanOrEqual": "7.10", "status": "affected", "version": "7.10", "versionType": "semver" }, { "lessThanOrEqual": "7.9.8", "status": "affected", "version": "7.9.8", "versionType": "semver" }, { "lessThanOrEqual": "7.9.7", "status": "affected", "version": "7.9.7", "versionType": "semver" }, { "lessThanOrEqual": "7.9.6", "status": "affected", "version": "7.9.6", "versionType": "semver" }, { "lessThanOrEqual": "7.9.5", "status": "affected", "version": "7.9.5", "versionType": "semver" }, { "lessThanOrEqual": "7.9.4", "status": "affected", "version": "7.9.4", "versionType": "semver" }, { "lessThanOrEqual": "7.9.3", "status": "affected", "version": "7.9.3", "versionType": "semver" }, { "lessThanOrEqual": "7.9.2", "status": "affected", "version": "7.9.2", "versionType": "semver" }, { "lessThanOrEqual": "7.9.1", "status": "affected", "version": "7.9.1", "versionType": "semver" }, { "lessThanOrEqual": "7.9", "status": "affected", "version": "7.9", "versionType": "semver" }, { "lessThanOrEqual": "7.8.1", "status": "affected", "version": "7.8.1", "versionType": "semver" }, { "lessThanOrEqual": "7.8", "status": "affected", "version": "7.8", "versionType": "semver" }, { "lessThanOrEqual": "7.7.3", "status": "affected", "version": "7.7.3", "versionType": "semver" }, { "lessThanOrEqual": "7.7.2", "status": "affected", "version": "7.7.2", "versionType": "semver" }, { "lessThanOrEqual": "7.7.1", "status": "affected", "version": "7.7.1", "versionType": "semver" }, { "lessThanOrEqual": "7.7", "status": "affected", "version": "7.7", "versionType": "semver" }, { "lessThanOrEqual": "7.6.1", "status": "affected", "version": "7.6.1", "versionType": "semver" }, { "lessThanOrEqual": "7.6", "status": "affected", "version": "7.6", "versionType": "semver" }, { "lessThanOrEqual": "7.5.2", "status": "affected", "version": "7.5.2", "versionType": "semver" }, { "lessThanOrEqual": "7.5.1", "status": "affected", "version": "7.5.1", "versionType": 
"semver" }, { "lessThanOrEqual": "7.5", "status": "affected", "version": "7.5", "versionType": "semver" }, { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.2", "versionType": "semver" }, { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.1", "versionType": "semver" }, { "lessThanOrEqual": "7.4", "status": "affected", "version": "7.4", "versionType": "semver" }, { "lessThanOrEqual": "7.3", "status": "affected", "version": "7.3", "versionType": "semver" }, { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.1", "versionType": "semver" }, { "lessThanOrEqual": "7.2", "status": "affected", "version": "7.2", "versionType": "semver" }, { "lessThanOrEqual": "7.1.1", "status": "affected", "version": "7.1.1", "versionType": "semver" }, { "lessThanOrEqual": "7.1", "status": "affected", "version": "7.1", "versionType": "semver" }, { "lessThanOrEqual": "6.5.2", "status": "affected", "version": "6.5.2", "versionType": "semver" }, { "lessThanOrEqual": "6.5.1", "status": "affected", "version": "6.5.1", "versionType": "semver" }, { "lessThanOrEqual": "6.5", "status": "affected", "version": "6.5", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Harry Sintonen" }, { "lang": "en", "type": "remediation developer", "value": "Daniel Stenberg" } ], "descriptions": [ { "lang": "en", "value": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password." 
} ], "problemTypes": [ { "descriptions": [ { "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-11T07:34:29.539Z", "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl" }, "references": [ { "name": "json", "url": "https://curl.se/docs/CVE-2024-11053.json" }, { "name": "www", "url": "https://curl.se/docs/CVE-2024-11053.html" }, { "name": "issue", "url": "https://hackerone.com/reports/2829063" } ], "title": "netrc and redirect credential leak" } }, "cveMetadata": { "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "assignerShortName": "curl", "cveId": "CVE-2024-11053", "datePublished": "2024-12-11T07:34:29.539Z", "dateReserved": "2024-11-09T18:41:55.703Z", "dateUpdated": "2025-01-31T15:02:42.742Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21529 (GCVE-0-2025-21529)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-03-24 17:41
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | 8.0.40 and prior (cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*); 8.4.3 and prior (cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*); 9.1.0 and prior (cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*)
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21529", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:09:49.695440Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-24T17:41:33.208Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:07.906Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21529", "datePublished": "2025-01-21T20:53:07.906Z", "dateReserved": "2024-12-24T23:18:54.770Z", "dateUpdated": "2025-03-24T17:41:33.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21493 (GCVE-0-2025-21493)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-23 16:49
CWE
- Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | 8.4.3 and prior (cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*); 9.1.0 and prior (cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*)
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21493", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:49:12.309315Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:49:43.497Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:53.419Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21493", "datePublished": "2025-01-21T20:52:53.419Z", "dateReserved": "2024-12-24T23:18:54.761Z", "dateUpdated": "2025-01-23T16:49:43.497Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21534 (GCVE-0-2025-21534)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:28
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Performance Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | 8.0.39 and prior (cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:*); 8.4.2 and prior (cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:*); 9.0.1 and prior (cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:*)
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21534", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:27:42.498665Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:28:14.066Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.39", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.2", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.0.1", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Performance Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:09.873Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21534", "datePublished": "2025-01-21T20:53:09.873Z", "dateReserved": "2024-12-24T23:18:54.771Z", "dateUpdated": "2025-01-22T18:28:14.066Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21531 (GCVE-0-2025-21531)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:29
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Cluster | 7.6.32 and prior (cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:*); 8.0.40 and prior (cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:*); 8.4.3 and prior (cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:*); 9.1.0 and prior (cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*)
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21531", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:29:12.323189Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:29:36.452Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Cluster", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "7.6.32", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], 
"descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:08.723Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21531", "datePublished": "2025-01-21T20:53:08.723Z", "dateReserved": "2024-12-24T23:18:54.770Z", "dateUpdated": "2025-01-22T18:29:36.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21518 (GCVE-0-2025-21518)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:39
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Cluster | 7.6.32 and prior (cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:*); 8.0.40 and prior (cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:*); 8.4.3 and prior (cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:*); 9.1.0 and prior (cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*)
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21518", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:38:47.098808Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:39:20.152Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Cluster", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "7.6.32", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], 
"descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:03.419Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21518", "datePublished": "2025-01-21T20:53:03.419Z", "dateReserved": "2024-12-24T23:18:54.766Z", "dateUpdated": "2025-01-22T18:39:20.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21505 (GCVE-0-2025-21505)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-22 18:42
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | 8.0.40 and prior (cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*); 8.4.3 and prior (cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*); 9.1.0 and prior (cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*)
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21505", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:42:02.899393Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:42:32.844Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:57.648Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21505", "datePublished": "2025-01-21T20:52:57.648Z", "dateReserved": "2024-12-24T23:18:54.763Z", "dateUpdated": "2025-01-22T18:42:32.844Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21566 (GCVE-0-2025-21566)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-02-04 16:11
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | 9.1.0 and prior (cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*)
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21566", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T14:58:46.372433Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T16:11:21.783Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:22.396Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21566", "datePublished": "2025-01-21T20:53:22.396Z", "dateReserved": "2024-12-24T23:18:54.783Z", "dateUpdated": "2025-02-04T16:11:21.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21543 (GCVE-0-2025-21543)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:11
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Cluster | Version: * < ; Version: * < ; Version: * < ; Version: * < | cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:* ; cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:* ; cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:* ; cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21543", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:10:23.104975Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:11:12.310Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Cluster", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "7.6.32", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], 
"descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:13.601Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21543", "datePublished": "2025-01-21T20:53:13.601Z", "dateReserved": "2024-12-24T23:18:54.774Z", "dateUpdated": "2025-01-22T18:11:12.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21492 (GCVE-0-2025-21492)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-24 20:03
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Server | Version: * < ; Version: 8.4.0 | cpe:2.3:a:oracle:mysql_server:8.0.36_and_prior:*:*:*:*:*:*:* ; cpe:2.3:a:oracle:mysql_server:8.4.0:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21492", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T19:13:03.395083Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T19:13:48.876Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-01-24T20:03:15.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20250124-0011/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.36_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.0:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.36", "status": "affected", "version": "*", "versionType": "custom" }, { "status": "affected", "version": "8.4.0" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:53.040Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21492", "datePublished": "2025-01-21T20:52:53.040Z", "dateReserved": "2024-12-24T23:18:54.761Z", "dateUpdated": "2025-01-24T20:03:15.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21520 (GCVE-0-2025-21520)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:35
CWE
- Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Cluster | Version: * < ; Version: * < ; Version: * < ; Version: * < | cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:* ; cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:* ; cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:* ; cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21520", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:35:04.827489Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:35:43.370Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_cluster:7.6.32_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_cluster:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Cluster", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "7.6.32", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], 
"descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:04.217Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21520", "datePublished": "2025-01-21T20:53:04.217Z", "dateReserved": "2024-12-24T23:18:54.766Z", "dateUpdated": "2025-01-22T18:35:43.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21567 (GCVE-0-2025-21567)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-02-04 16:11
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Server | Version: * < | cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21567", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T14:41:30.107424Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T16:11:59.054Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:22.751Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21567", "datePublished": "2025-01-21T20:53:22.751Z", "dateReserved": "2024-12-24T23:18:54.783Z", "dateUpdated": "2025-02-04T16:11:59.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21495 (GCVE-0-2025-21495)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-23 16:45
CWE
- Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Firewall. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Firewall.
Summary
Vulnerability in the MySQL Enterprise Firewall product of Oracle MySQL (component: Firewall). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Firewall. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Firewall. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Enterprise Firewall | Version: * < ; Version: * < ; Version: * < | cpe:2.3:a:oracle:mysql_enterprise_firewall:8.0.40_and_prior:*:*:*:*:*:*:* ; cpe:2.3:a:oracle:mysql_enterprise_firewall:8.4.3_and_prior:*:*:*:*:*:*:* ; cpe:2.3:a:oracle:mysql_enterprise_firewall:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21495", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:45:20.117081Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:45:24.050Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_enterprise_firewall:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_firewall:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_firewall:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Enterprise Firewall", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Enterprise Firewall product of Oracle MySQL (component: Firewall). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Firewall. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Firewall. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Firewall. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Enterprise Firewall.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:54.171Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21495", "datePublished": "2025-01-21T20:52:54.171Z", "dateReserved": "2024-12-24T23:18:54.762Z", "dateUpdated": "2025-01-23T16:45:24.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21499 (GCVE-0-2025-21499)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-23 16:41
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Server | Version: * < ; Version: * < | cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:* ; cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21499", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:41:33.555805Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:41:38.000Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:55.284Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21499", "datePublished": "2025-01-21T20:52:55.284Z", "dateReserved": "2024-12-24T23:18:54.762Z", "dateUpdated": "2025-01-23T16:41:38.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21501 (GCVE-0-2025-21501)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-23 16:36
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | Version: * < Version: * < Version: * < cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21501", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:32:20.480166Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:36:51.694Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:56.037Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21501", "datePublished": "2025-01-21T20:52:56.037Z", "dateReserved": "2024-12-24T23:18:54.763Z", "dateUpdated": "2025-01-23T16:36:51.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-37371 (GCVE-0-2024-37371)
Vulnerability from cvelistv5
Published
2024-06-28 00:00
Modified
2025-03-13 20:28
CWE
- n/a
Summary
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-37371", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T15:31:33.769366Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-13T20:28:07.509Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-08T15:02:51.712Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef" }, { "url": "https://security.netapp.com/advisory/ntap-20241108-0009/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-28T22:06:30.396Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-37371", "datePublished": "2024-06-28T00:00:00.000Z", "dateReserved": "2024-06-06T00:00:00.000Z", "dateUpdated": "2025-03-13T20:28:07.509Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21494 (GCVE-0-2025-21494)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-23 16:46
CWE
- Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | Version: * < Version: * < Version: * < cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21494", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:46:29.969889Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:46:33.280Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.39", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.2", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.0.1", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:53.805Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21494", "datePublished": "2025-01-21T20:52:53.805Z", "dateReserved": "2024-12-24T23:18:54.762Z", "dateUpdated": "2025-01-23T16:46:33.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21548 (GCVE-0-2025-21548)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-03-18 13:30
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.
Summary
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Connectors | Version: * < cpe:2.3:a:oracle:mysql_connector\/python:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21548", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T17:53:03.280864Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-18T13:30:03.939Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_connector\\/python:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Connectors", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:15.446Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21548", "datePublished": "2025-01-21T20:53:15.446Z", "dateReserved": "2024-12-24T23:18:54.774Z", "dateUpdated": "2025-03-18T13:30:03.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21503 (GCVE-0-2025-21503)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-23 16:38
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | Version: * < Version: * < Version: * < cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21503", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:24:57.577283Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:38:16.640Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:56.818Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21503", "datePublished": "2025-01-21T20:52:56.818Z", "dateReserved": "2024-12-24T23:18:54.763Z", "dateUpdated": "2025-01-23T16:38:16.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21497 (GCVE-0-2025-21497)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-23 16:43
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | Version: * < Version: * < Version: * < cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21497", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:42:53.219251Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-346", "description": "CWE-346 Origin Validation Error", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:43:46.162Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:54.538Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21497", "datePublished": "2025-01-21T20:52:54.538Z", "dateReserved": "2024-12-24T23:18:54.762Z", "dateUpdated": "2025-01-23T16:43:46.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21521 (GCVE-0-2025-21521)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:34
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Server | Version: * < Version: * < Version: * < cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:* cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21521", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:34:04.669398Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:34:41.832Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.39", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.2", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.0.1", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:04.705Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21521", "datePublished": "2025-01-21T20:53:04.705Z", "dateReserved": "2024-12-24T23:18:54.766Z", "dateUpdated": "2025-01-22T18:34:41.832Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21519 (GCVE-0-2025-21519)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:38
CWE
- Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Server | * <= 8.0.40 | cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 8.4.3 | cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 9.1.0 | cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21519", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:37:23.006306Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:38:29.588Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:03.812Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21519", "datePublished": "2025-01-21T20:53:03.812Z", "dateReserved": "2024-12-24T23:18:54.766Z", "dateUpdated": "2025-01-22T18:38:29.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21491 (GCVE-0-2025-21491)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-23 19:18
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Server | * <= 8.0.40 | cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 8.4.3 | cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 9.1.0 | cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21491", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T19:17:37.180830Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T19:18:15.648Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:52.647Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21491", "datePublished": "2025-01-21T20:52:52.647Z", "dateReserved": "2024-12-24T23:18:54.760Z", "dateUpdated": "2025-01-23T19:18:15.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21536 (GCVE-0-2025-21536)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:26
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Server | * <= 8.0.39 | cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 8.4.2 | cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 9.0.1 | cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21536", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:25:51.265755Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:26:36.218Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.39", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.2", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.0.1", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:10.654Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21536", "datePublished": "2025-01-21T20:53:10.654Z", "dateReserved": "2024-12-24T23:18:54.772Z", "dateUpdated": "2025-01-22T18:26:36.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21522 (GCVE-0-2025-21522)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:33
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Server | * <= 8.0.40 | cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 8.4.3 | cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 9.1.0 | cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21522", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:33:39.425106Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:33:43.222Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:05.137Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21522", "datePublished": "2025-01-21T20:53:05.137Z", "dateReserved": "2024-12-24T23:18:54.767Z", "dateUpdated": "2025-01-22T18:33:43.222Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21490 (GCVE-0-2025-21490)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-03-01 13:05
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Server | * <= 8.0.40 | cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 8.4.3 | cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 9.1.0 | cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21490", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T19:32:41.318308Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T19:33:52.726Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-03-01T13:05:21.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:52.253Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21490", "datePublished": "2025-01-21T20:52:52.253Z", "dateReserved": "2024-12-24T23:18:54.760Z", "dateUpdated": "2025-03-01T13:05:21.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21555 (GCVE-0-2025-21555)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-02-04 16:04
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Server | * <= 8.0.40 | cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 8.4.3 | cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 9.1.0 | cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21555", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T15:01:44.687799Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T16:04:04.270Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:18.135Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21555", "datePublished": "2025-01-21T20:53:18.135Z", "dateReserved": "2024-12-24T23:18:54.780Z", "dateUpdated": "2025-02-04T16:04:04.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21546 (GCVE-0-2025-21546)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-03-18 13:20
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
Impacted products
Vendor | Product | Version | CPE
---|---|---|---
Oracle Corporation | MySQL Server | * <= 8.0.40 | cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 8.4.3 | cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*
Oracle Corporation | MySQL Server | * <= 9.1.0 | cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21546", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T17:58:06.903541Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-18T13:20:44.867Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:14.687Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21546", "datePublished": "2025-01-21T20:53:14.687Z", "dateReserved": "2024-12-24T23:18:54.774Z", "dateUpdated": "2025-03-18T13:20:44.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21504 (GCVE-0-2025-21504)
Vulnerability from cvelistv5
Published
2025-01-21 20:52
Modified
2025-01-23 16:38
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | MySQL Server | Version: * ≤ 8.0.39, * ≤ 8.4.2, * ≤ 9.0.1; CPE: cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:*, cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:*, cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21504", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-23T16:24:28.234816Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-23T16:38:53.003Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.39", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.2", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.0.1", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:52:57.195Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21504", "datePublished": "2025-01-21T20:52:57.195Z", "dateReserved": "2024-12-24T23:18:54.763Z", "dateUpdated": "2025-01-23T16:38:53.003Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21540 (GCVE-0-2025-21540)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:21
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | MySQL Server | Version: * ≤ 8.0.40, * ≤ 8.4.3, * ≤ 9.1.0; CPE: cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*, cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*, cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21540", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:21:10.140449Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:21:14.736Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:12.277Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21540", "datePublished": "2025-01-21T20:53:12.277Z", "dateReserved": "2024-12-24T23:18:54.773Z", "dateUpdated": "2025-01-22T18:21:14.736Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21559 (GCVE-0-2025-21559)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-02-04 16:08
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | MySQL Server | Version: * ≤ 8.0.40, * ≤ 8.4.3, * ≤ 9.1.0; CPE: cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*, cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*, cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21559", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T16:11:04.695908Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-04T16:08:25.105Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.40_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.3_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.1.0_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.40", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.3", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.1.0", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:19.677Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21559", "datePublished": "2025-01-21T20:53:19.677Z", "dateReserved": "2024-12-24T23:18:54.780Z", "dateUpdated": "2025-02-04T16:08:25.105Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-21525 (GCVE-0-2025-21525)
Vulnerability from cvelistv5
Published
2025-01-21 20:53
Modified
2025-01-22 18:30
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Impacted products
Vendor | Product | Version |
---|---|---|
Oracle Corporation | MySQL Server | Version: * ≤ 8.0.39, * ≤ 8.4.2, * ≤ 9.0.1; CPE: cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:*, cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:*, cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:* |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-21525", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-22T18:29:57.364544Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-22T18:30:21.573Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:mysql_server:8.0.39_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:8.4.2_and_prior:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_server:9.0.1_and_prior:*:*:*:*:*:*:*" ], "product": "MySQL Server", "vendor": "Oracle Corporation", "versions": [ { "lessThanOrEqual": "8.0.39", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "8.4.2", "status": "affected", "version": "*", "versionType": "custom" }, { "lessThanOrEqual": "9.0.1", "status": "affected", "version": "*", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T20:53:06.259Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2025.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2025-21525", "datePublished": "2025-01-21T20:53:06.259Z", "dateReserved": "2024-12-24T23:18:54.769Z", "dateUpdated": "2025-01-22T18:30:21.573Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }