Refine your search
68 vulnerabilities found for MySQL by Oracle
CERTFR-2025-AVI-0601
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Client versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Cluster versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Cluster versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Client versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Client versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Server versions 9.0.0 à 9.3.0 | ||
| Oracle | MySQL | MySQL Server versions 8.4.0 à 8.4.5 | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.0 à 7.6.34 | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.0 à 8.0.42 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.0.0 à 8.0.42 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 9.0.0 \u00e0 9.3.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.4.0 \u00e0 8.4.5",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.0 \u00e0 7.6.34",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.0.0 \u00e0 8.0.42",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-50089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50089"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-50102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50102"
},
{
"name": "CVE-2025-50100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50100"
},
{
"name": "CVE-2025-53032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53032"
},
{
"name": "CVE-2025-50076",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50076"
},
{
"name": "CVE-2025-50080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50080"
},
{
"name": "CVE-2025-50078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50078"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-50085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50085"
},
{
"name": "CVE-2025-50094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50094"
},
{
"name": "CVE-2025-50098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50098"
},
{
"name": "CVE-2025-50095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50095"
},
{
"name": "CVE-2025-50086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50086"
},
{
"name": "CVE-2025-50082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50082"
},
{
"name": "CVE-2025-50097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50097"
},
{
"name": "CVE-2025-50084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50084"
},
{
"name": "CVE-2025-50079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50079"
},
{
"name": "CVE-2025-53023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53023"
},
{
"name": "CVE-2025-50096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50096"
},
{
"name": "CVE-2025-50088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50088"
},
{
"name": "CVE-2025-50077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50077"
},
{
"name": "CVE-2025-50092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50092"
},
{
"name": "CVE-2025-50099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50099"
},
{
"name": "CVE-2025-50068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50068"
},
{
"name": "CVE-2025-50093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50093"
},
{
"name": "CVE-2025-50087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50087"
},
{
"name": "CVE-2025-50081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50081"
},
{
"name": "CVE-2025-50091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50091"
},
{
"name": "CVE-2025-50103",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50103"
},
{
"name": "CVE-2025-50104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50104"
},
{
"name": "CVE-2025-50101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50101"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2025-50083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50083"
},
{
"name": "CVE-2025-5399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5399"
}
],
"initial_release_date": "2025-07-18T00:00:00",
"last_revision_date": "2025-07-18T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0601",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpujul2025",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html"
}
]
}
CERTFR-2025-AVI-0320
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server (InnoDB) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: UDF) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 9.0.0 | ||
| Oracle | MySQL | MySQL Cluster versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Server (Server: Parser) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: Stored Procedure) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: DML) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: DML) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Server (Server: Replication) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Server (Server: Parser) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: PS) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Server (Server: Parser) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Server (Server: DDL) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: DML) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: Stored Procedure) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 8.4.0 | ||
| Oracle | MySQL | MySQL Server (Server: PS) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Connectors (Connector/C++) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Connectors (Connector/J) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Connectors (Connector/ODBC) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: DDL) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: Replication) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (InnoDB) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: Options) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: Options) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: Replication) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.0 à 7.6.33 | ||
| Oracle | MySQL | MySQL Server (Server: UDF) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Client (Client: mysqldump) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: Stored Procedure) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Client (Client: mysqldump) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Cluster versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Server (Server: DDL) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Server (Server: PS) versions 8.4.0 à 8.4.4 | ||
| Oracle | MySQL | MySQL Server (Server: UDF) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Server (Server: Options) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Server (InnoDB) versions 8.0.0 à 8.0.41 | ||
| Oracle | MySQL | MySQL Connectors (Connector/J) versions 9.0.0 à 9.1.0 | ||
| Oracle | MySQL | MySQL Connectors (Connector/Python) versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 9.0.0 à 9.2.0 | ||
| Oracle | MySQL | MySQL Client (Client: mysqldump) versions 9.0.0 à 9.2.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server (InnoDB) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: UDF) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 9.0.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Parser) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Stored Procedure) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DML) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DML) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Replication) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Parser) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: PS) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Parser) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DML) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Stored Procedure) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 8.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: PS) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/C++) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/J) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/ODBC) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Replication) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Options) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Options) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Replication) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.0 \u00e0 7.6.33",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: UDF) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client (Client: mysqldump) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Stored Procedure) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client (Client: mysqldump) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: PS) versions 8.4.0 \u00e0 8.4.4",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: UDF) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Options) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) versions 8.0.0 \u00e0 8.0.41",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/J) versions 9.0.0 \u00e0 9.1.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/Python) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client (Client: mysqldump) versions 9.0.0 \u00e0 9.2.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2025-30710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30710"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-30706",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30706"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2025-30714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30714"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2025-21583",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21583"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2025-30722",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30722"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2024-40896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40896"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2025-21588",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21588"
}
],
"initial_release_date": "2025-04-16T00:00:00",
"last_revision_date": "2025-04-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0320",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2025-04-15",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpuapr2025",
"url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
}
]
}
CERTFR-2025-AVI-0054
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Enterprise Backup version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Options) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Options) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Information Schema) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Parser) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.0.36 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.4.0 | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Parser) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Backup version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Information Schema) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Performance Schema) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Backup version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Thread Pooling) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Thread Pooling) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Server (InnoDB) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Performance Schema) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Connectors (Connector/Python) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Information Schema) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 7.6.32 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Firewall (Firewall) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Components Services) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Security: Privileges) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Firewall (Firewall) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Firewall (Firewall) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Parser) version 8.0.40 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: DDL) version 8.4.3 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Packaging) version 8.4.2 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Performance Schema) version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Options) version 9.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Thread Pooling) version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Server (Server: Optimizer) version 8.0.39 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Enterprise Backup version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Options) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Options) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Information Schema) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Parser) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.0.36 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.4.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Parser) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Information Schema) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Performance Schema) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Thread Pooling) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Thread Pooling) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (InnoDB) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Performance Schema) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors (Connector/Python) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Information Schema) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 7.6.32 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Firewall (Firewall) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Components Services) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Security: Privileges) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Firewall (Firewall) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Firewall (Firewall) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Parser) version 8.0.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: DDL) version 8.4.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Packaging) version 8.4.2 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Performance Schema) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Options) version 9.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Thread Pooling) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server (Server: Optimizer) version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21543"
},
{
"name": "CVE-2025-21494",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21494"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2025-21566",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21566"
},
{
"name": "CVE-2025-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21534"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2025-21521",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21521"
},
{
"name": "CVE-2025-21492",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21492"
},
{
"name": "CVE-2025-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21531"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2025-21495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21495"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21548",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21548"
},
{
"name": "CVE-2025-21499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21499"
},
{
"name": "CVE-2025-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21536"
},
{
"name": "CVE-2025-21525",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21525"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2025-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21520"
},
{
"name": "CVE-2025-21493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21493"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2025-21504",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21504"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21518"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2025-21567",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21567"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
}
],
"initial_release_date": "2025-01-22T00:00:00",
"last_revision_date": "2025-01-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0054",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2025-01-21",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpujan2025",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
]
}
CERTFR-2024-AVI-0884
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Enterprise Monitor version 8.0.39 et antérieures | ||
| Oracle | MySQL | MySQL Client versions 8.0.39, 8.4.2 et 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.0.39, 8.4.2 et 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 9.0.0 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.38 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.39, 8.4.2 et 9.0.1 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 7.5.35, 7.6.31, 8.0.39, 8.4.2 et 9.0.1 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Enterprise Monitor version 8.0.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 8.0.39, 8.4.2 et 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.0.39, 8.4.2 et 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 9.0.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.38 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.39, 8.4.2 et 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 7.5.35, 7.6.31, 8.0.39, 8.4.2 et 9.0.1 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2024-21207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21207"
},
{
"name": "CVE-2024-21262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21262"
},
{
"name": "CVE-2024-21200",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21200"
},
{
"name": "CVE-2024-21231",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21231"
},
{
"name": "CVE-2024-21197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21197"
},
{
"name": "CVE-2024-21198",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21198"
},
{
"name": "CVE-2024-21201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21201"
},
{
"name": "CVE-2024-21244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21244"
},
{
"name": "CVE-2024-21213",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21213"
},
{
"name": "CVE-2024-21247",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21247"
},
{
"name": "CVE-2024-21219",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21219"
},
{
"name": "CVE-2024-21194",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21194"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2024-21196",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21196"
},
{
"name": "CVE-2024-21199",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21199"
},
{
"name": "CVE-2024-21218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21218"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-21237",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21237"
},
{
"name": "CVE-2024-21203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21203"
},
{
"name": "CVE-2024-21212",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21212"
},
{
"name": "CVE-2024-21193",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21193"
},
{
"name": "CVE-2024-21241",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21241"
},
{
"name": "CVE-2024-21236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21236"
},
{
"name": "CVE-2024-21232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21232"
},
{
"name": "CVE-2024-21239",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21239"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-21272",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21272"
},
{
"name": "CVE-2024-21204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21204"
},
{
"name": "CVE-2024-21209",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21209"
},
{
"name": "CVE-2024-21238",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21238"
},
{
"name": "CVE-2024-21230",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21230"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2024-21243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21243"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
}
],
"initial_release_date": "2024-10-16T00:00:00",
"last_revision_date": "2024-10-16T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0884",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2024-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpuoct2024",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
CERTFR-2024-AVI-0595
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MYSQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 8.0.38, 8.4.1 et 9.0.0 sans les derniers correctifs de sécurité pour la vulnérabilité CVE-2024-21185 | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.x sans les derniers correctifs de sécurité | ||
| Oracle | MySQL | MySQL Connectors versions 8.x sans les derniers correctifs de sécurité | ||
| Oracle | MySQL | MySQL Workbench versions antérieures à 8.0.38 | ||
| Oracle | MySQL | MySQL Cluster versions 7.5.x antérieures à 7.5.35, versions 7.6.x antérieures à 7.6.31, versions 8.0.x antérieures à 8.0.38, versions 8.4.x antérieures à 8.4.1 et versions 8.1.0 et 8.3.0 sans les derniers correctifs de sécurité | ||
| Oracle | MySQL | MySQL Server versions 8.0.x antérieures à 8.0.38, versions 8.2.x et 8.3.x sans les derniers correctifs de sécurité et versions 8.4.x antérieures à 8.4.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 8.0.38, 8.4.1 et 9.0.0 sans les derniers correctifs de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-21185",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions ant\u00e9rieures \u00e0 8.0.38",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.5.x ant\u00e9rieures \u00e0 7.5.35, versions 7.6.x ant\u00e9rieures \u00e0 7.6.31, versions 8.0.x ant\u00e9rieures \u00e0 8.0.38, versions 8.4.x ant\u00e9rieures \u00e0 8.4.1 et versions 8.1.0 et 8.3.0 sans les derniers correctifs de s\u00e9curit\u00e9 ",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.x ant\u00e9rieures \u00e0 8.0.38, versions 8.2.x et 8.3.x sans les derniers correctifs de s\u00e9curit\u00e9 et versions 8.4.x ant\u00e9rieures \u00e0 8.4.1",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21171"
},
{
"name": "CVE-2024-21160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21160"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-21142",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21142"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-21157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21157"
},
{
"name": "CVE-2024-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21166"
},
{
"name": "CVE-2024-21177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21177"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2024-21159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21159"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-21176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21176"
},
{
"name": "CVE-2024-21179",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21179"
},
{
"name": "CVE-2024-20996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20996"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-21127",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21127"
},
{
"name": "CVE-2024-21134",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21134"
},
{
"name": "CVE-2024-21130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21130"
},
{
"name": "CVE-2024-21135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21135"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2024-21137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21137"
},
{
"name": "CVE-2024-21165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21165"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2024-21185",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21185"
},
{
"name": "CVE-2024-24549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24549"
},
{
"name": "CVE-2021-24112",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-24112"
},
{
"name": "CVE-2024-21162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21162"
},
{
"name": "CVE-2024-21170",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21170"
},
{
"name": "CVE-2024-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21125"
},
{
"name": "CVE-2024-21129",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21129"
},
{
"name": "CVE-2024-22257",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22257"
},
{
"name": "CVE-2024-21163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21163"
},
{
"name": "CVE-2024-21173",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21173"
}
],
"initial_release_date": "2024-07-17T00:00:00",
"last_revision_date": "2024-07-17T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0595",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MYSQL. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2024",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixMSQL"
},
{
"published_at": "2024-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2024verbose",
"url": "https://www.oracle.com/security-alerts/cpujul2024verbose.html#MSQL"
}
]
}
CERTFR-2024-AVI-0326
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Cluster, versions 7.5.33, 7.6.29, 8.0.36, 8.2.0 et 8.3.0 sans les derniers correctifs de sécurité | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.37 sans les derniers correctifs de sécurité | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 8.0.36 et 8.3.0 sans les derniers correctifs de sécurité | ||
| Oracle | MySQL | MySQL Server versions 8.0.36, 8.2.0 et 8.3.0 sans les derniers correctifs de sécurité | ||
| Oracle | MySQL | MySQL Connectors version 8.3.0 sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Cluster, versions 7.5.33, 7.6.29, 8.0.36, 8.2.0 et 8.3.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.37 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 8.0.36 et 8.3.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.36, 8.2.0 et 8.3.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors version 8.3.0 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21052"
},
{
"name": "CVE-2024-21053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21053"
},
{
"name": "CVE-2024-20998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20998"
},
{
"name": "CVE-2024-21102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21102"
},
{
"name": "CVE-2024-21049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21049"
},
{
"name": "CVE-2024-21015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21015"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-21009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21009"
},
{
"name": "CVE-2024-21050",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21050"
},
{
"name": "CVE-2024-21101",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21101"
},
{
"name": "CVE-2024-21000",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21000"
},
{
"name": "CVE-2024-21057",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21057"
},
{
"name": "CVE-2024-21096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21096"
},
{
"name": "CVE-2024-21062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21062"
},
{
"name": "CVE-2024-21055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21055"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2024-21056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21056"
},
{
"name": "CVE-2024-21047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21047"
},
{
"name": "CVE-2024-21013",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21013"
},
{
"name": "CVE-2024-21060",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21060"
},
{
"name": "CVE-2024-21090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21090"
},
{
"name": "CVE-2024-20993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20993"
},
{
"name": "CVE-2024-21087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21087"
},
{
"name": "CVE-2024-0853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0853"
},
{
"name": "CVE-2024-21061",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21061"
},
{
"name": "CVE-2024-21069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21069"
},
{
"name": "CVE-2024-21051",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21051"
},
{
"name": "CVE-2024-21054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21054"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-21008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21008"
},
{
"name": "CVE-2024-20994",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20994"
}
],
"initial_release_date": "2024-04-18T00:00:00",
"last_revision_date": "2024-04-18T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0326",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
}
]
}
CERTFR-2024-AVI-0044
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Workbench versions antérieures à 8.0.36 | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.x antérieures à 8.0.36 | ||
| Oracle | MySQL | MySQL Connectors versions 8.0.x antérieures à 8.0.36 | ||
| Oracle | MySQL | MySQL Server versions 8.2.x et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.1.x et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 8.1.x et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions antérieures à 8.0.37 | ||
| Oracle | MySQL | MySQL Connectors versions 8.2.x et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.x antérieures à 7.6.29 | ||
| Oracle | MySQL | MySQL Cluster versions 7.5.x antérieures à 7.5.33 | ||
| Oracle | MySQL | MySQL Connectors versions 8.1.x et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 8.2.x et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.x antérieures à 8.0.36 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Workbench versions ant\u00e9rieures \u00e0 8.0.36",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.x ant\u00e9rieures \u00e0 8.0.36",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.0.x ant\u00e9rieures \u00e0 8.0.36",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.2.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.1.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.1.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions ant\u00e9rieures \u00e0 8.0.37",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.2.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.x ant\u00e9rieures \u00e0 7.6.29",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.5.x ant\u00e9rieures \u00e0 7.5.33",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.1.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.2.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.x ant\u00e9rieures \u00e0 8.0.36",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20977"
},
{
"name": "CVE-2024-20985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20985"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2024-20964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20964"
},
{
"name": "CVE-2024-20976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20976"
},
{
"name": "CVE-2023-39975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39975"
},
{
"name": "CVE-2024-20962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20962"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-20969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20969"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2024-20966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20966"
},
{
"name": "CVE-2024-20972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20972"
},
{
"name": "CVE-2023-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50164"
},
{
"name": "CVE-2024-20961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20961"
},
{
"name": "CVE-2024-20983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20983"
},
{
"name": "CVE-2024-20984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20984"
},
{
"name": "CVE-2023-41105",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41105"
},
{
"name": "CVE-2024-20963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20963"
},
{
"name": "CVE-2024-20981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20981"
},
{
"name": "CVE-2024-20974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20974"
},
{
"name": "CVE-2024-20975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20975"
},
{
"name": "CVE-2023-2283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2283"
},
{
"name": "CVE-2024-20982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20982"
},
{
"name": "CVE-2024-20971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20971"
},
{
"name": "CVE-2024-20978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20978"
},
{
"name": "CVE-2024-20973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20973"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2024-20965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20965"
},
{
"name": "CVE-2024-20967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20967"
},
{
"name": "CVE-2024-20970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20970"
},
{
"name": "CVE-2024-20968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20968"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2024-20960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20960"
}
],
"initial_release_date": "2024-01-17T00:00:00",
"last_revision_date": "2024-01-17T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0044",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024verbose du 16 janvier 2024",
"url": "https://www.oracle.com/security-alerts/cpujan2024verbose.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024 du 16 janvier 2024",
"url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixMSQL"
}
]
}
CERTFR-2023-AVI-0863
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 8.0.35 et antérieures | ||
| Oracle | MySQL | MySQL Installer versions antérieures à 1.6.8 | ||
| Oracle | MySQL | MySQL Server 5.7.43 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.34 et antérieures | ||
| Oracle | MySQL | MySQL Server version 8.1.0 | ||
| Oracle | MySQL | MySQL Connectors versions 8.1.0 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.35 et antérieures | ||
| Oracle | MySQL | MySQL Cluster version 8.1.0 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 8.0.35 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Installer versions ant\u00e9rieures \u00e0 1.6.8",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server 5.7.43 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.34 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server version 8.1.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.1.0 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.35 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster version 8.1.0",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22094",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22094"
},
{
"name": "CVE-2023-22015",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22015"
},
{
"name": "CVE-2023-22103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22103"
},
{
"name": "CVE-2023-22095",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22095"
},
{
"name": "CVE-2023-22026",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22026"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-22065",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22065"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-22110",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22110"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2023-22113",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22113"
},
{
"name": "CVE-2023-22070",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22070"
},
{
"name": "CVE-2023-22102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22102"
},
{
"name": "CVE-2023-22112",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22112"
},
{
"name": "CVE-2023-34034",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34034"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2023-34396",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34396"
},
{
"name": "CVE-2023-22028",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22028"
},
{
"name": "CVE-2023-22032",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22032"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2023-22104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22104"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2023-22078",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22078"
},
{
"name": "CVE-2023-22092",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22092"
},
{
"name": "CVE-2023-22084",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22084"
},
{
"name": "CVE-2023-22115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22115"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2023-22064",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22064"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2023-22114",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22114"
},
{
"name": "CVE-2023-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
},
{
"name": "CVE-2023-22097",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22097"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-34149",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34149"
},
{
"name": "CVE-2023-22059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22059"
},
{
"name": "CVE-2023-22079",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22079"
},
{
"name": "CVE-2023-22111",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22111"
},
{
"name": "CVE-2023-22066",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22066"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-22068",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22068"
}
],
"initial_release_date": "2023-10-18T00:00:00",
"last_revision_date": "2023-10-18T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0863",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2023verbose du 17 octobre 2023",
"url": "https://www.oracle.com/security-alerts/cpuoct2023verbose.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2023 du 17 octobre 2023",
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
}
]
}
CERTFR-2023-AVI-0563
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL versions 5.7.42 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 8.0.34 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22033",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22033"
},
{
"name": "CVE-2023-22038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22038"
},
{
"name": "CVE-2023-20862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20862"
},
{
"name": "CVE-2023-22057",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22057"
},
{
"name": "CVE-2023-22058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22058"
},
{
"name": "CVE-2023-22005",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22005"
},
{
"name": "CVE-2023-22048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22048"
},
{
"name": "CVE-2023-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22007"
},
{
"name": "CVE-2023-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22008"
},
{
"name": "CVE-2023-22056",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22056"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-28709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
},
{
"name": "CVE-2023-22046",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22046"
},
{
"name": "CVE-2022-37865",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37865"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-22054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22054"
},
{
"name": "CVE-2023-22053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22053"
},
{
"name": "CVE-2023-21950",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21950"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
}
],
"initial_release_date": "2023-07-19T00:00:00",
"last_revision_date": "2023-07-19T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0563",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023verbose du 18 juillet 2023",
"url": "https://www.oracle.com/security-alerts/cpujul2023verbose.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023 du 18 juillet 2023",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
]
}
CERTFR-2023-AVI-0325
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Java SE | Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 | ||
| Oracle | Database Server | Oracle Database Server 19c, 21c | ||
| Oracle | N/A | Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1 | ||
| Oracle | PeopleSoft | Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2 | ||
| Oracle | Virtualization | Oracle Virtualization versions 6.1.x antérieures à 6.1.44 | ||
| Oracle | MySQL | Oracle MySQL versions 8.0.33 et antérieures | ||
| Oracle | Systems | Oracle Systems versions 10, 11 | ||
| Oracle | Virtualization | Oracle Virtualization versions 7.0.x antérieures à 7.0.8 | ||
| Oracle | MySQL | Oracle MySQL versions 5.7.41 et antérieures | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server 19c, 21c",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Virtualization versions 6.1.x ant\u00e9rieures \u00e0 6.1.44",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 8.0.33 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Systems versions 10, 11",
"product": {
"name": "Systems",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Virtualization versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 5.7.41 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21916"
},
{
"name": "CVE-2023-21985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21985"
},
{
"name": "CVE-2023-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21979"
},
{
"name": "CVE-2023-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21986"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21940",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21940"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21962"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21917"
},
{
"name": "CVE-2023-21984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21984"
},
{
"name": "CVE-2023-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21956"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21945"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2023-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21966"
},
{
"name": "CVE-2023-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21947"
},
{
"name": "CVE-2023-22002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22002"
},
{
"name": "CVE-2023-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21981"
},
{
"name": "CVE-2023-21987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21987"
},
{
"name": "CVE-2023-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
},
{
"name": "CVE-2023-21971",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21971"
},
{
"name": "CVE-2023-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21999"
},
{
"name": "CVE-2023-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21928"
},
{
"name": "CVE-2023-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21972"
},
{
"name": "CVE-2023-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21960"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2023-21990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21990"
},
{
"name": "CVE-2023-22000",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22000"
},
{
"name": "CVE-2023-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21913"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"name": "CVE-2023-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21996"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2023-21953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21953"
},
{
"name": "CVE-2023-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21934"
},
{
"name": "CVE-2023-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22003"
},
{
"name": "CVE-2023-21998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21998"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2023-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21946"
},
{
"name": "CVE-2023-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21933"
},
{
"name": "CVE-2023-21931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21931"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-45143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45143"
},
{
"name": "CVE-2023-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21896"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21964"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21920"
},
{
"name": "CVE-2022-45685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
},
{
"name": "CVE-2023-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21918"
},
{
"name": "CVE-2023-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21992"
},
{
"name": "CVE-2023-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21911"
},
{
"name": "CVE-2023-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21976"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21991"
},
{
"name": "CVE-2023-21989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21989"
},
{
"name": "CVE-2023-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21982"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21935"
},
{
"name": "CVE-2020-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
},
{
"name": "CVE-2023-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21955"
},
{
"name": "CVE-2023-21988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21988"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2022-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2023-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21929"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22001"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2023-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21948"
},
{
"name": "CVE-2023-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21919"
}
],
"initial_release_date": "2023-04-19T00:00:00",
"last_revision_date": "2023-04-20T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-19T00:00:00.000000"
},
{
"description": "Correction coquilles.",
"revision_date": "2023-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2023 du 18 avril 2023",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
]
}
CERTFR-2023-AVI-0034
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Cluster versions 7.5.28 et antérieures | ||
| Oracle | MySQL | MySQL Shell versions 8.0.31 et antérieures | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise CC Common Application Objects version 9.2 | ||
| Oracle | MySQL | MySQL Server versions 5.7.40 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.24 et antérieures | ||
| Oracle | Java SE | Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1 | ||
| Oracle | MySQL | MySQL Connectors versions 8.0.31 et antérieures | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0 | ||
| Oracle | N/A | Oracle VM VirtualBox versions antérieures à 7.0.6 | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.31 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.32 et antérieures | ||
| Oracle | Database Server | Oracle Database Server versions 19c, 21c [Perl] antérieures à 5.35 | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.31 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.31 et antérieures | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise CS Academic Advisement version 9.2 | ||
| Oracle | N/A | Oracle VM VirtualBox versions antérieures à 6.1.42 | ||
| Oracle | MySQL | MySQL Cluster versions 7.4.38 et antérieures | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Cluster versions 7.5.28 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Shell versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise CC Common Application Objects version 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.24 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.32 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server versions 19c, 21c [Perl] ant\u00e9rieures \u00e0 5.35",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise CS Academic Advisement version 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 6.1.42",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.4.38 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21900"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2023-21893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21893"
},
{
"name": "CVE-2023-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21877"
},
{
"name": "CVE-2023-21885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21885"
},
{
"name": "CVE-2022-22971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22971"
},
{
"name": "CVE-2023-21865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21865"
},
{
"name": "CVE-2023-21898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21898"
},
{
"name": "CVE-2023-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21881"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-21874",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21874"
},
{
"name": "CVE-2023-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21838"
},
{
"name": "CVE-2023-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21878"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2023-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21883"
},
{
"name": "CVE-2022-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40153"
},
{
"name": "CVE-2022-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2023-21889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21889"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2023-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21875"
},
{
"name": "CVE-2023-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21872"
},
{
"name": "CVE-2023-21841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21841"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2023-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21864"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2022-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
},
{
"name": "CVE-2022-31692",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21866"
},
{
"name": "CVE-2023-21842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21842"
},
{
"name": "CVE-2023-21845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21845"
},
{
"name": "CVE-2022-39429",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39429"
},
{
"name": "CVE-2023-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21860"
},
{
"name": "CVE-2023-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21844"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2023-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21871"
},
{
"name": "CVE-2023-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21839"
},
{
"name": "CVE-2023-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21887"
},
{
"name": "CVE-2023-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2023-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21873"
},
{
"name": "CVE-2023-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21863"
},
{
"name": "CVE-2023-21876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21876"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2023-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21867"
},
{
"name": "CVE-2023-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21899"
},
{
"name": "CVE-2023-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21869"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21836"
},
{
"name": "CVE-2023-21827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21827"
},
{
"name": "CVE-2023-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21870"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2023-21879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21879"
},
{
"name": "CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"name": "CVE-2023-21882",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21882"
},
{
"name": "CVE-2023-21886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21886"
},
{
"name": "CVE-2023-21837",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21837"
},
{
"name": "CVE-2023-21831",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21831"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2023-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21880"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2023-21829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21829"
},
{
"name": "CVE-2023-21884",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21884"
},
{
"name": "CVE-2023-21868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21868"
}
],
"initial_release_date": "2023-01-18T00:00:00",
"last_revision_date": "2023-01-18T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0034",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2023 du 18 janvier 2023",
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
]
}
CERTFR-2022-AVI-931
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Installer versions 1.6.3 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.30 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 4.1.4 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.30 et antérieures | ||
| Oracle | MySQL | MySQL Shell versions 8.0.30 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 8.0.30 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.7.39 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.31 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Installer versions 1.6.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.30 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 4.1.4 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.30 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Shell versions 8.0.30 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.0.30 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-39404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39404"
},
{
"name": "CVE-2022-39402",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39402"
},
{
"name": "CVE-2022-21640",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21640"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2022-21600",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21600"
},
{
"name": "CVE-2022-21625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21625"
},
{
"name": "CVE-2022-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39410"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-39408",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39408"
},
{
"name": "CVE-2022-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21599"
},
{
"name": "CVE-2022-39403",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39403"
},
{
"name": "CVE-2022-21607",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21607"
},
{
"name": "CVE-2022-21633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21633"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2022-21638",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21638"
},
{
"name": "CVE-2022-34305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34305"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-21641",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21641"
},
{
"name": "CVE-2022-21604",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21604"
},
{
"name": "CVE-2022-21605",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21605"
},
{
"name": "CVE-2022-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21637"
},
{
"name": "CVE-2022-21611",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21611"
},
{
"name": "CVE-2022-39400",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39400"
},
{
"name": "CVE-2022-21635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21635"
},
{
"name": "CVE-2022-21594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21594"
},
{
"name": "CVE-2022-21632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21632"
}
],
"initial_release_date": "2022-10-19T00:00:00",
"last_revision_date": "2022-10-19T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-931",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2022 du 18 octobre 2022",
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixMSQL"
}
]
}
CERTFR-2022-AVI-655
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Cluster 8.x versions 8.0.29 et antérieures | ||
| Oracle | MySQL | MySQL Cluster 7.6.x versions 7.6.22 et antérieures | ||
| Oracle | MySQL | MySQL Cluster 7.5.x versions 7.5.26 et antérieures | ||
| Oracle | MySQL | MySQL Shell pour VS Code versions 1.1.8 et antérieures | ||
| Oracle | MySQL | MySQL Server 5.x versions 5.7.38 et antérieures | ||
| Oracle | MySQL | MySQL Cluster 7.4.x versions 7.4.36 et antérieures | ||
| Oracle | MySQL | MySQL Server 8.x versions 8.0.30 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Cluster 8.x versions 8.0.29 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster 7.6.x versions 7.6.22 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster 7.5.x versions 7.5.26 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Shell pour VS Code versions 1.1.8 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server 5.x versions 5.7.38 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster 7.4.x versions 7.4.36 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server 8.x versions 8.0.30 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21538"
},
{
"name": "CVE-2022-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21522"
},
{
"name": "CVE-2022-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21529"
},
{
"name": "CVE-2022-21526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21526"
},
{
"name": "CVE-2022-21528",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21528"
},
{
"name": "CVE-2022-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21519"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27778"
},
{
"name": "CVE-2022-21530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21530"
},
{
"name": "CVE-2022-21517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21517"
},
{
"name": "CVE-2022-21539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21539"
},
{
"name": "CVE-2022-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21531"
},
{
"name": "CVE-2022-21515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21515"
},
{
"name": "CVE-2022-21527",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21527"
},
{
"name": "CVE-2020-26237",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26237"
},
{
"name": "CVE-2022-21550",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21550"
},
{
"name": "CVE-2021-31805",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31805"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-21553",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21553"
},
{
"name": "CVE-2022-21509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21509"
},
{
"name": "CVE-2022-21455",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21455"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2022-21556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21556"
},
{
"name": "CVE-2022-21535",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21535"
},
{
"name": "CVE-2022-21537",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21537"
},
{
"name": "CVE-2022-21547",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21547"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21555"
},
{
"name": "CVE-2022-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21534"
},
{
"name": "CVE-2022-21824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
},
{
"name": "CVE-2022-21569",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21569"
},
{
"name": "CVE-2022-21525",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21525"
},
{
"name": "CVE-2021-22119",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22119"
}
],
"initial_release_date": "2022-07-20T00:00:00",
"last_revision_date": "2022-07-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-655",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#MSQL"
}
]
}
CERTFR-2022-AVI-365
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Cluster versions 7.5.25 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.28 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.28 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.4.35 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.28 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.7.37 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.21 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 8.0.28 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.29 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Cluster versions 7.5.25 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.28 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.28 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.4.35 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.28 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.37 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.21 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.0.28 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.29 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21436"
},
{
"name": "CVE-2022-21418",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21418"
},
{
"name": "CVE-2022-21435",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21435"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2022-21452",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21452"
},
{
"name": "CVE-2022-21415",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21415"
},
{
"name": "CVE-2022-21440",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21440"
},
{
"name": "CVE-2022-21479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21479"
},
{
"name": "CVE-2022-21414",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21414"
},
{
"name": "CVE-2022-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21490"
},
{
"name": "CVE-2021-41184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41184"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2022-21457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21457"
},
{
"name": "CVE-2022-21413",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21413"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2022-21437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21437"
},
{
"name": "CVE-2022-21425",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21425"
},
{
"name": "CVE-2022-21486",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21486"
},
{
"name": "CVE-2022-21489",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21489"
},
{
"name": "CVE-2022-21485",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21485"
},
{
"name": "CVE-2022-21484",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21484"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2022-21462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21462"
},
{
"name": "CVE-2022-21478",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21478"
},
{
"name": "CVE-2022-21459",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21459"
},
{
"name": "CVE-2022-21412",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21412"
},
{
"name": "CVE-2022-21423",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21423"
},
{
"name": "CVE-2022-21438",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21438"
}
],
"initial_release_date": "2022-04-20T00:00:00",
"last_revision_date": "2022-04-20T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-365",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2022 du 19 avril 2022",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixMSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle verbose cpuapr2022 du 19 avril 2022",
"url": "https://www.oracle.com/security-alerts/cpuapr2022verbose.html#MSQL"
}
]
}
CERTFR-2022-AVI-052
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une exécution de code arbitraire et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Cluster versions 7.6.20 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.4.34 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 8.0.x antérieures à 8.0.28 | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.x antérieures à 8.0.28 | ||
| Oracle | MySQL | MySQL Cluster versions 7.5.24 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.7.x antérieures à 5.7.37 | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.x antérieures à 8.0.28 | ||
| Oracle | MySQL | MySQL Server versions 8.0.x antérieures à 8.0.28 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Cluster versions 7.6.20 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.4.34 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.0.x ant\u00e9rieures \u00e0 8.0.28",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.x ant\u00e9rieures \u00e0 8.0.28",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.5.24 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.x ant\u00e9rieures \u00e0 5.7.37",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.x ant\u00e9rieures \u00e0 8.0.28",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.x ant\u00e9rieures \u00e0 8.0.28",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21253"
},
{
"name": "CVE-2022-21363",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21363"
},
{
"name": "CVE-2022-21331",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21331"
},
{
"name": "CVE-2022-21322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21322"
},
{
"name": "CVE-2022-21315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21315"
},
{
"name": "CVE-2022-21379",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21379"
},
{
"name": "CVE-2022-21314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21314"
},
{
"name": "CVE-2022-21311",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21311"
},
{
"name": "CVE-2022-21337",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21337"
},
{
"name": "CVE-2022-21297",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21297"
},
{
"name": "CVE-2022-21285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21285"
},
{
"name": "CVE-2022-21320",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21320"
},
{
"name": "CVE-2022-21310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21310"
},
{
"name": "CVE-2022-21332",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21332"
},
{
"name": "CVE-2022-21302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21302"
},
{
"name": "CVE-2022-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21351"
},
{
"name": "CVE-2022-21330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21330"
},
{
"name": "CVE-2022-21286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21286"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2022-21327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21327"
},
{
"name": "CVE-2022-21335",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21335"
},
{
"name": "CVE-2022-21321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21321"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2022-21284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21284"
},
{
"name": "CVE-2022-21316",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21316"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2022-21356",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21356"
},
{
"name": "CVE-2022-21358",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21358"
},
{
"name": "CVE-2022-21324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21324"
},
{
"name": "CVE-2022-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21342"
},
{
"name": "CVE-2022-21357",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21357"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2022-21323",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21323"
},
{
"name": "CVE-2022-21326",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21326"
},
{
"name": "CVE-2022-21301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21301"
},
{
"name": "CVE-2022-21264",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21264"
},
{
"name": "CVE-2022-21362",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21362"
},
{
"name": "CVE-2022-21329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21329"
},
{
"name": "CVE-2022-21380",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21380"
},
{
"name": "CVE-2022-21249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21249"
},
{
"name": "CVE-2022-21265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21265"
},
{
"name": "CVE-2022-21254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21254"
},
{
"name": "CVE-2022-21325",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21325"
},
{
"name": "CVE-2022-21307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21307"
},
{
"name": "CVE-2022-21372",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21372"
},
{
"name": "CVE-2022-21355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21355"
},
{
"name": "CVE-2022-21256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21256"
},
{
"name": "CVE-2022-21280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21280"
},
{
"name": "CVE-2022-21368",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21368"
},
{
"name": "CVE-2022-21333",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21333"
},
{
"name": "CVE-2022-21288",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21288"
},
{
"name": "CVE-2022-21318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21318"
},
{
"name": "CVE-2022-21289",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21289"
},
{
"name": "CVE-2022-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21348"
},
{
"name": "CVE-2022-21328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21328"
},
{
"name": "CVE-2022-21278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21278"
},
{
"name": "CVE-2022-21319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21319"
},
{
"name": "CVE-2022-21308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21308"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-21287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21287"
},
{
"name": "CVE-2022-21378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21378"
},
{
"name": "CVE-2022-21336",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21336"
},
{
"name": "CVE-2022-21309",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21309"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2022-21279",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21279"
},
{
"name": "CVE-2022-21317",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21317"
},
{
"name": "CVE-2022-21352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21352"
},
{
"name": "CVE-2022-21312",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21312"
},
{
"name": "CVE-2022-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21290"
},
{
"name": "CVE-2022-21334",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21334"
},
{
"name": "CVE-2022-21374",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21374"
},
{
"name": "CVE-2022-21370",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21370"
},
{
"name": "CVE-2022-21313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21313"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2021-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3634"
},
{
"name": "CVE-2022-21339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21339"
}
],
"initial_release_date": "2022-01-19T00:00:00",
"last_revision_date": "2022-01-19T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-052",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, une ex\u00e9cution de code arbitraire et une atteinte\n\u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2022.html du 18 janvier 2022",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL"
}
]
}
CERTFR-2021-AVI-801
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Connectors versions 8.0.x antérieures à 8.0.27 | ||
| Oracle | MySQL | MySQL Server versions 8.0.x antérieures à 8.0.27 | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.x antérieures à 8.0.27 | ||
| Oracle | MySQL | MySQL Client versions 8.0.x antérieures à 8.0.27 | ||
| Oracle | MySQL | MySQL Cluster versions 7.5.x antérieures à 7.5.24 | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.x antérieures à 7.6.20 | ||
| Oracle | MySQL | MySQL Cluster versions 7.4.x antérieures à 7.4.34 | ||
| Oracle | MySQL | MySQL Server versions 5.7.x antérieures à 5.7.36 | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.x antérieures à 8.0.27 | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.x antérieures à 8.0.27 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Connectors versions 8.0.x ant\u00e9rieures \u00e0 8.0.27",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.x ant\u00e9rieures \u00e0 8.0.27",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.x ant\u00e9rieures \u00e0 8.0.27",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 8.0.x ant\u00e9rieures \u00e0 8.0.27",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.5.x ant\u00e9rieures \u00e0 7.5.24",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.x ant\u00e9rieures \u00e0 7.6.20",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.4.x ant\u00e9rieures \u00e0 7.4.34",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.x ant\u00e9rieures \u00e0 5.7.36",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.x ant\u00e9rieures \u00e0 8.0.27",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.x ant\u00e9rieures \u00e0 8.0.27",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-35636",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35636"
},
{
"name": "CVE-2021-35583",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35583"
},
{
"name": "CVE-2021-35613",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35613"
},
{
"name": "CVE-2021-35639",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35639"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2021-35598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35598"
},
{
"name": "CVE-2021-35575",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35575"
},
{
"name": "CVE-2021-22118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22118"
},
{
"name": "CVE-2021-35623",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35623"
},
{
"name": "CVE-2021-35640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35640"
},
{
"name": "CVE-2021-35596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35596"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2021-35612",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35612"
},
{
"name": "CVE-2021-35618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35618"
},
{
"name": "CVE-2021-22112",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22112"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-2471",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2471"
},
{
"name": "CVE-2021-33037",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33037"
},
{
"name": "CVE-2021-35537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35537"
},
{
"name": "CVE-2021-35621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35621"
},
{
"name": "CVE-2021-35608",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35608"
},
{
"name": "CVE-2021-35647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35647"
},
{
"name": "CVE-2021-35635",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35635"
},
{
"name": "CVE-2021-35610",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35610"
},
{
"name": "CVE-2021-35602",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35602"
},
{
"name": "CVE-2021-35577",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35577"
},
{
"name": "CVE-2021-35646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35646"
},
{
"name": "CVE-2021-35607",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35607"
},
{
"name": "CVE-2021-35625",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35625"
},
{
"name": "CVE-2021-35626",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35626"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-35632",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35632"
},
{
"name": "CVE-2021-35648",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35648"
},
{
"name": "CVE-2021-35597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35597"
},
{
"name": "CVE-2021-35628",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35628"
},
{
"name": "CVE-2021-35546",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35546"
},
{
"name": "CVE-2021-35591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35591"
},
{
"name": "CVE-2021-35637",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35637"
},
{
"name": "CVE-2021-2479",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2479"
},
{
"name": "CVE-2021-35629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35629"
},
{
"name": "CVE-2021-35627",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35627"
},
{
"name": "CVE-2021-35590",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35590"
},
{
"name": "CVE-2021-35592",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35592"
},
{
"name": "CVE-2021-35584",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35584"
},
{
"name": "CVE-2021-35644",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35644"
},
{
"name": "CVE-2021-35631",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35631"
},
{
"name": "CVE-2021-35642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35642"
},
{
"name": "CVE-2021-22931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
},
{
"name": "CVE-2021-35638",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35638"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2021-35634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35634"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2021-35622",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35622"
},
{
"name": "CVE-2021-35594",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35594"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2021-35643",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35643"
},
{
"name": "CVE-2021-2478",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2478"
},
{
"name": "CVE-2021-2481",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2481"
},
{
"name": "CVE-2021-35645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35645"
},
{
"name": "CVE-2021-35593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35593"
},
{
"name": "CVE-2021-35630",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35630"
},
{
"name": "CVE-2021-35641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35641"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2021-35633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35633"
},
{
"name": "CVE-2021-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36222"
}
],
"initial_release_date": "2021-10-20T00:00:00",
"last_revision_date": "2021-10-20T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Oracle\u00a0cpuoct2021 du 19 octobre 2021",
"url": "https://www.oracle.com/security-alerts/cpuoct2021verbose.html#MSQL"
}
],
"reference": "CERTFR-2021-AVI-801",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2021 du 19 octobre 2021",
"url": null
}
]
}
CERTFR-2021-AVI-558
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL versions ant\u00e9rieures \u00e0 5.7.34",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions ant\u00e9rieures \u00e0 8.0.25",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-2352",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2352"
},
{
"name": "CVE-2021-2441",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2441"
},
{
"name": "CVE-2021-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2357"
},
{
"name": "CVE-2021-22901",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
},
{
"name": "CVE-2021-2427",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2427"
},
{
"name": "CVE-2021-2374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2374"
},
{
"name": "CVE-2021-2424",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2424"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2021-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2412"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2021-2429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2429"
},
{
"name": "CVE-2019-17543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17543"
},
{
"name": "CVE-2021-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2422"
},
{
"name": "CVE-2021-2354",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2354"
},
{
"name": "CVE-2021-2367",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2367"
},
{
"name": "CVE-2021-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2384"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2021-2437",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2437"
},
{
"name": "CVE-2021-2418",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2418"
},
{
"name": "CVE-2021-2411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2411"
},
{
"name": "CVE-2021-2425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2425"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2021-2444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2444"
},
{
"name": "CVE-2021-2399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2399"
},
{
"name": "CVE-2021-2339",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2339"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2021-22884",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22884"
},
{
"name": "CVE-2021-2410",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2410"
},
{
"name": "CVE-2021-2402",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2402"
},
{
"name": "CVE-2021-2340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2340"
},
{
"name": "CVE-2021-2387",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2387"
},
{
"name": "CVE-2021-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2370"
},
{
"name": "CVE-2021-25122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25122"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2021-2440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2440"
},
{
"name": "CVE-2021-2417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2417"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2021-2426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2426"
},
{
"name": "CVE-2021-2383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2383"
}
],
"initial_release_date": "2021-07-21T00:00:00",
"last_revision_date": "2021-07-21T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-558",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2021 du 20 juillet 2021",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
}
]
}
CERTFR-2021-AVI-296
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL versions ant\u00e9rieures \u00e0 5.7.34",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL versions ant\u00e9rieures \u00e0 8.0.24",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-2170",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2170"
},
{
"name": "CVE-2021-2215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2215"
},
{
"name": "CVE-2021-2172",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2172"
},
{
"name": "CVE-2021-2299",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2299"
},
{
"name": "CVE-2021-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2196"
},
{
"name": "CVE-2021-2305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2305"
},
{
"name": "CVE-2021-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
},
{
"name": "CVE-2021-2164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2164"
},
{
"name": "CVE-2021-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
},
{
"name": "CVE-2021-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
},
{
"name": "CVE-2021-2201",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2201"
},
{
"name": "CVE-2021-2300",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2300"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2021-2307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
},
{
"name": "CVE-2021-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2230"
},
{
"name": "CVE-2021-2146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2021-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
},
{
"name": "CVE-2021-2203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2203"
},
{
"name": "CVE-2021-2208",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2208"
},
{
"name": "CVE-2021-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
},
{
"name": "CVE-2021-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2193"
},
{
"name": "CVE-2021-2144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
},
{
"name": "CVE-2021-2301",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2301"
},
{
"name": "CVE-2021-2154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
},
{
"name": "CVE-2021-2298",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2298"
},
{
"name": "CVE-2021-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
},
{
"name": "CVE-2021-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
},
{
"name": "CVE-2021-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
},
{
"name": "CVE-2020-8277",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8277"
},
{
"name": "CVE-2021-2308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2308"
},
{
"name": "CVE-2021-2293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2293"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2021-2278",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2278"
},
{
"name": "CVE-2021-2226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
},
{
"name": "CVE-2020-17527",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17527"
},
{
"name": "CVE-2021-2304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2304"
},
{
"name": "CVE-2021-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
},
{
"name": "CVE-2021-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
},
{
"name": "CVE-2021-2212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2212"
},
{
"name": "CVE-2021-2232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2232"
},
{
"name": "CVE-2021-2213",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2213"
},
{
"name": "CVE-2021-2217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2217"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2020-17530",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17530"
},
{
"name": "CVE-2021-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
}
],
"initial_release_date": "2021-04-21T00:00:00",
"last_revision_date": "2021-04-21T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-296",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2021 du 20 avril 2021",
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle MySQL cpuapr2021 du 20 avril 2021",
"url": "https://www.oracle.com/security-alerts/cpuapr2021verbose.html#MSQL"
}
]
}
CERTFR-2021-AVI-044
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Workbench versions 8.0.22 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.22 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.22 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 8.0.22 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-2070",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2070"
},
{
"name": "CVE-2021-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2056"
},
{
"name": "CVE-2021-2061",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2061"
},
{
"name": "CVE-2021-2028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2028"
},
{
"name": "CVE-2021-2022",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2022"
},
{
"name": "CVE-2021-2046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2046"
},
{
"name": "CVE-2021-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1998"
},
{
"name": "CVE-2021-2072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2072"
},
{
"name": "CVE-2020-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5421"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-2019",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2019"
},
{
"name": "CVE-2021-2065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2065"
},
{
"name": "CVE-2021-2014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2014"
},
{
"name": "CVE-2021-2021",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2021"
},
{
"name": "CVE-2021-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2002"
},
{
"name": "CVE-2021-2076",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2076"
},
{
"name": "CVE-2021-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2058"
},
{
"name": "CVE-2021-2007",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2007"
},
{
"name": "CVE-2021-2122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2122"
},
{
"name": "CVE-2021-2081",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2081"
},
{
"name": "CVE-2021-2001",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2001"
},
{
"name": "CVE-2021-2010",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2010"
},
{
"name": "CVE-2021-2032",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2032"
},
{
"name": "CVE-2021-2030",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2030"
},
{
"name": "CVE-2021-2087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2087"
},
{
"name": "CVE-2021-2088",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2088"
},
{
"name": "CVE-2021-2036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2036"
},
{
"name": "CVE-2021-2009",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2009"
},
{
"name": "CVE-2021-2024",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2024"
},
{
"name": "CVE-2020-5408",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5408"
},
{
"name": "CVE-2021-2038",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2038"
},
{
"name": "CVE-2021-2060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2060"
},
{
"name": "CVE-2021-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2006"
},
{
"name": "CVE-2019-10086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10086"
},
{
"name": "CVE-2021-2012",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2012"
},
{
"name": "CVE-2021-2042",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2042"
},
{
"name": "CVE-2021-2016",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2016"
},
{
"name": "CVE-2021-2020",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2020"
},
{
"name": "CVE-2021-2031",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2031"
},
{
"name": "CVE-2021-2011",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2011"
},
{
"name": "CVE-2021-2055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2055"
},
{
"name": "CVE-2021-2048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2048"
}
],
"initial_release_date": "2021-01-20T00:00:00",
"last_revision_date": "2021-01-20T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-044",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2021 du 19 janvier 2021",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
CERTFR-2020-AVI-664
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données. L'éditeur considère que la CVE-2020-4051 n'est pas exploitable dans le contexte d'utilisation du produit.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | Oracle MySQL versions 8.0.21 et antérieures | ||
| Oracle | MySQL | Oracle MySQL versions 5.6.49 et antérieures | ||
| Oracle | MySQL | Oracle MySQL Cluster versions 7.5.19 et antérieures | ||
| Oracle | MySQL | Oracle MySQL Cluster versions 7.6.15 et antérieures | ||
| Oracle | MySQL | Oracle MySQL versions 5.7.31 et antérieures | ||
| Oracle | MySQL | Oracle MySQL Cluster versions 7.4.29 et antérieures | ||
| Oracle | MySQL | Oracle MySQL Cluster versions 7.3.30 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL versions 8.0.21 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 5.6.49 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Cluster versions 7.5.19 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Cluster versions 7.6.15 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 5.7.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Cluster versions 7.4.29 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Cluster versions 7.3.30 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14861",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14861"
},
{
"name": "CVE-2020-14773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14773"
},
{
"name": "CVE-2020-1730",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1730"
},
{
"name": "CVE-2020-14829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14829"
},
{
"name": "CVE-2020-14777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14777"
},
{
"name": "CVE-2020-14839",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14839"
},
{
"name": "CVE-2020-14771",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14771"
},
{
"name": "CVE-2020-14870",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14870"
},
{
"name": "CVE-2020-14785",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14785"
},
{
"name": "CVE-2020-14891",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14891"
},
{
"name": "CVE-2020-4051",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4051"
},
{
"name": "CVE-2020-14804",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14804"
},
{
"name": "CVE-2020-14844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14844"
},
{
"name": "CVE-2020-8174",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8174"
},
{
"name": "CVE-2020-14873",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14873"
},
{
"name": "CVE-2020-14769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14769"
},
{
"name": "CVE-2020-14869",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14869"
},
{
"name": "CVE-2020-14790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14790"
},
{
"name": "CVE-2020-14799",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14799"
},
{
"name": "CVE-2020-14793",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14793"
},
{
"name": "CVE-2020-14789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14789"
},
{
"name": "CVE-2020-13935",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13935"
},
{
"name": "CVE-2020-14765",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14765"
},
{
"name": "CVE-2020-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14866"
},
{
"name": "CVE-2020-14836",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14836"
},
{
"name": "CVE-2020-14888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14888"
},
{
"name": "CVE-2020-14809",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14809"
},
{
"name": "CVE-2020-14853",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14853"
},
{
"name": "CVE-2020-14846",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14846"
},
{
"name": "CVE-2020-14827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14827"
},
{
"name": "CVE-2020-14845",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14845"
},
{
"name": "CVE-2020-14800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14800"
},
{
"name": "CVE-2020-14878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14878"
},
{
"name": "CVE-2020-14852",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14852"
},
{
"name": "CVE-2020-14868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14868"
},
{
"name": "CVE-2020-14814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14814"
},
{
"name": "CVE-2020-14837",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14837"
},
{
"name": "CVE-2020-14672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14672"
},
{
"name": "CVE-2020-14830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14830"
},
{
"name": "CVE-2020-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14893"
},
{
"name": "CVE-2020-14794",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14794"
},
{
"name": "CVE-2020-14786",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14786"
},
{
"name": "CVE-2020-14828",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14828"
},
{
"name": "CVE-2020-14812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14812"
},
{
"name": "CVE-2020-14838",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14838"
},
{
"name": "CVE-2020-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14821"
},
{
"name": "CVE-2020-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
},
{
"name": "CVE-2020-14776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14776"
},
{
"name": "CVE-2020-14860",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14860"
},
{
"name": "CVE-2020-14791",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14791"
},
{
"name": "CVE-2020-14775",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14775"
},
{
"name": "CVE-2020-14760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14760"
},
{
"name": "CVE-2020-14848",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14848"
},
{
"name": "CVE-2020-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14867"
}
],
"initial_release_date": "2020-10-21T00:00:00",
"last_revision_date": "2020-10-21T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-664",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es. L\u0027\u00e9diteur consid\u00e8re que la CVE-2020-4051\nn\u0027est pas exploitable dans le contexte d\u0027utilisation du produit.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2020 du 20 octobre 2020",
"url": "https://www.oracle.com/security-alerts/cpuoct2020verbose.html"
}
]
}
CERTFR-2020-AVI-435
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | Oracle MySQL Cluster 8.x versions antérieures à 8.0.21 | ||
| Oracle | MySQL | Oracle MySQL Cluster 7.5.x versions antérieures à 7.5.19 | ||
| Oracle | MySQL | Oracle MySQL Server 5.6.x versions antérieures à 5.6.49 | ||
| Oracle | MySQL | Oracle MySQL Server 5.7.x versions antérieures à 5.7.31 | ||
| Oracle | MySQL | Oracle MySQL Server 8.x versions antérieures à 8.0.21 | ||
| Oracle | MySQL | Oracle MySQL Cluster 7.3.x versions antérieures à 7.3.30 | ||
| Oracle | MySQL | Oracle MySQL Cluster 7.6x versions antérieures à 7.6.15 | ||
| Oracle | MySQL | Oracle MySQL Enterprise Monitor 8.x versions antérieures à 8.0.21 | ||
| Oracle | MySQL | Oracle MySQL Cluster 7.4.x versions antérieures à 7.4.29 | ||
| Oracle | MySQL | Oracle MySQL Enterprise Monitor 4.x versions antérieures à 4.0.13 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL Cluster 8.x versions ant\u00e9rieures \u00e0 8.0.21",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Cluster 7.5.x versions ant\u00e9rieures \u00e0 7.5.19",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Server 5.6.x versions ant\u00e9rieures \u00e0 5.6.49",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Server 5.7.x versions ant\u00e9rieures \u00e0 5.7.31",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Server 8.x versions ant\u00e9rieures \u00e0 8.0.21",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Cluster 7.3.x versions ant\u00e9rieures \u00e0 7.3.30",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Cluster 7.6x versions ant\u00e9rieures \u00e0 7.6.15",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Enterprise Monitor 8.x versions ant\u00e9rieures \u00e0 8.0.21",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Cluster 7.4.x versions ant\u00e9rieures \u00e0 7.4.29",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Enterprise Monitor 4.x versions ant\u00e9rieures \u00e0 4.0.13",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14591",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14591"
},
{
"name": "CVE-2020-14586",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14586"
},
{
"name": "CVE-2020-14641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14641"
},
{
"name": "CVE-2020-14620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14620"
},
{
"name": "CVE-2020-14576",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14576"
},
{
"name": "CVE-2020-14623",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14623"
},
{
"name": "CVE-2020-14624",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14624"
},
{
"name": "CVE-2020-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14540"
},
{
"name": "CVE-2020-14619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14619"
},
{
"name": "CVE-2020-14632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14632"
},
{
"name": "CVE-2020-14547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14547"
},
{
"name": "CVE-2020-14614",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14614"
},
{
"name": "CVE-2020-14597",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14597"
},
{
"name": "CVE-2020-5398",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5398"
},
{
"name": "CVE-2020-14663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14663"
},
{
"name": "CVE-2020-14654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14654"
},
{
"name": "CVE-2020-14559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14559"
},
{
"name": "CVE-2020-14697",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14697"
},
{
"name": "CVE-2020-14634",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14634"
},
{
"name": "CVE-2020-14656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14656"
},
{
"name": "CVE-2020-14680",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14680"
},
{
"name": "CVE-2020-14633",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14633"
},
{
"name": "CVE-2020-14550",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14550"
},
{
"name": "CVE-2020-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
},
{
"name": "CVE-2020-14678",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14678"
},
{
"name": "CVE-2020-14539",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14539"
},
{
"name": "CVE-2020-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
},
{
"name": "CVE-2020-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14567"
},
{
"name": "CVE-2020-14631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14631"
},
{
"name": "CVE-2020-14643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14643"
},
{
"name": "CVE-2020-14553",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14553"
},
{
"name": "CVE-2020-14651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14651"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2020-14575",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14575"
},
{
"name": "CVE-2020-14568",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14568"
},
{
"name": "CVE-2020-14702",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14702"
},
{
"name": "CVE-2020-5258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5258"
}
],
"initial_release_date": "2020-07-15T00:00:00",
"last_revision_date": "2020-07-15T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-435",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 d\u00e9taill\u00e9 Oracle cpujul2020 du 14 juillet 2020",
"url": "https://www.oracle.com/security-alerts/cpujul2020verbose.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2020 du 14 juillet 2020",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
]
}
CERTFR-2020-AVI-218
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Client versions 5.6.47 et antérieures, 5.7.29 et antérieures, 8.0.18 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.3.28 et antérieures, 7.4.27 et antérieures, 7.5.17 et antérieures, 7.6.13 et antérieures, 8.0.19 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.19 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 4.0.11.5331 et antérieures, 8.0.18.1217 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.6.47 et antérieures, 5.7.29 et antérieures, 8.0.19 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 5.1.48 et antérieures, 8.0.19 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Client versions 5.6.47 et ant\u00e9rieures, 5.7.29 et ant\u00e9rieures, 8.0.18 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.3.28 et ant\u00e9rieures, 7.4.27 et ant\u00e9rieures, 7.5.17 et ant\u00e9rieures, 7.6.13 et ant\u00e9rieures, 8.0.19 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.19 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 4.0.11.5331 et ant\u00e9rieures, 8.0.18.1217 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.6.47 et ant\u00e9rieures, 5.7.29 et ant\u00e9rieures, 8.0.19 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 5.1.48 et ant\u00e9rieures, 8.0.19 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-2921",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2921"
},
{
"name": "CVE-2020-2933",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2933"
},
{
"name": "CVE-2020-2875",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
},
{
"name": "CVE-2020-2752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2752"
},
{
"name": "CVE-2020-2892",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2892"
},
{
"name": "CVE-2020-2853",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2853"
},
{
"name": "CVE-2020-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2774"
},
{
"name": "CVE-2020-2934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
},
{
"name": "CVE-2020-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2901"
},
{
"name": "CVE-2020-2760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2760"
},
{
"name": "CVE-2020-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2804"
},
{
"name": "CVE-2020-2928",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2928"
},
{
"name": "CVE-2020-2770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2770"
},
{
"name": "CVE-2020-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2761"
},
{
"name": "CVE-2019-19646",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
},
{
"name": "CVE-2020-2897",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2897"
},
{
"name": "CVE-2020-2922",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2922"
},
{
"name": "CVE-2020-2930",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2930"
},
{
"name": "CVE-2020-2893",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2893"
},
{
"name": "CVE-2020-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2790"
},
{
"name": "CVE-2020-2903",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2903"
},
{
"name": "CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"name": "CVE-2020-2768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2768"
},
{
"name": "CVE-2020-2926",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2926"
},
{
"name": "CVE-2020-2904",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2904"
},
{
"name": "CVE-2020-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2812"
},
{
"name": "CVE-2020-2896",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2896"
},
{
"name": "CVE-2020-2763",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2763"
},
{
"name": "CVE-2020-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2814"
},
{
"name": "CVE-2020-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2779"
},
{
"name": "CVE-2020-2759",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2759"
},
{
"name": "CVE-2020-2806",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2806"
},
{
"name": "CVE-2020-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2895"
},
{
"name": "CVE-2020-2762",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2762"
},
{
"name": "CVE-2020-2925",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2925"
},
{
"name": "CVE-2019-5482",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5482"
},
{
"name": "CVE-2020-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2780"
},
{
"name": "CVE-2019-14889",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14889"
},
{
"name": "CVE-2019-17563",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17563"
},
{
"name": "CVE-2020-2765",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2765"
},
{
"name": "CVE-2019-15601",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15601"
},
{
"name": "CVE-2020-2898",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2898"
},
{
"name": "CVE-2020-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2923"
},
{
"name": "CVE-2020-2924",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2924"
}
],
"initial_release_date": "2020-04-15T00:00:00",
"last_revision_date": "2020-04-15T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-218",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020 du 14 avril 2020",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020verbose du 14 avril 2020",
"url": "https://www.oracle.com/security-alerts/cpuapr2020verbose.html#MSQL"
}
]
}
CERTFR-2020-AVI-036
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Client versions 5.6.46 et antérieures, 5.7.28 et antérieures, 8.0.18 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.6.46 et antérieures, 5.7.28 et antérieures, 8.0.18 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 5.3.13 et antérieures, 8.0.18 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Backup versions 3.12.4 et antérieures, 4.1.3 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.3.27 et antérieures, 7.4.25 et antérieures, 7.5.15 et antérieures, 7.6.12 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.18 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Client versions 5.6.46 et ant\u00e9rieures, 5.7.28 et ant\u00e9rieures, 8.0.18 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.6.46 et ant\u00e9rieures, 5.7.28 et ant\u00e9rieures, 8.0.18 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 5.3.13 et ant\u00e9rieures, 8.0.18 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Backup versions 3.12.4 et ant\u00e9rieures, 4.1.3 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.3.27 et ant\u00e9rieures, 7.4.25 et ant\u00e9rieures, 7.5.15 et ant\u00e9rieures, 7.6.12 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.18 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2686"
},
{
"name": "CVE-2020-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2694"
},
{
"name": "CVE-2020-2679",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2679"
},
{
"name": "CVE-2020-2574",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2574"
},
{
"name": "CVE-2020-2660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2660"
},
{
"name": "CVE-2020-2579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2579"
},
{
"name": "CVE-2020-2577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2577"
},
{
"name": "CVE-2020-2580",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2580"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2020-2627",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2627"
},
{
"name": "CVE-2019-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
},
{
"name": "CVE-2020-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2589"
},
{
"name": "CVE-2020-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2588"
},
{
"name": "CVE-2020-2573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2573"
},
{
"name": "CVE-2020-2572",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2572"
},
{
"name": "CVE-2020-2570",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2570"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2020-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2584"
}
],
"initial_release_date": "2020-01-15T00:00:00",
"last_revision_date": "2020-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-036",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020 du 14 janvier 2020",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020verbose du 14 janvier 2020",
"url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html#MSQL"
}
]
}
CERTFR-2019-AVI-509
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Workbench versions 8.0.17 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.17 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.17 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 5.3.13 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.7.27 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.6.45 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 8.0.17 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Workbench versions 8.0.17 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.17 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.17 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 5.3.13 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.27 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.6.45 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.0.17 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2982",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2982"
},
{
"name": "CVE-2019-3003",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3003"
},
{
"name": "CVE-2019-3018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3018"
},
{
"name": "CVE-2019-2993",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2993"
},
{
"name": "CVE-2019-1549",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1549"
},
{
"name": "CVE-2019-2966",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2966"
},
{
"name": "CVE-2019-2991",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2991"
},
{
"name": "CVE-2019-2997",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2997"
},
{
"name": "CVE-2019-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3004"
},
{
"name": "CVE-2019-2914",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2914"
},
{
"name": "CVE-2019-3009",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3009"
},
{
"name": "CVE-2019-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2938"
},
{
"name": "CVE-2019-10072",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10072"
},
{
"name": "CVE-2019-2969",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2969"
},
{
"name": "CVE-2019-2957",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2957"
},
{
"name": "CVE-2019-2911",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2911"
},
{
"name": "CVE-2019-2923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2923"
},
{
"name": "CVE-2019-2967",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2967"
},
{
"name": "CVE-2019-2920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2920"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2019-2946",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2946"
},
{
"name": "CVE-2019-3011",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3011"
},
{
"name": "CVE-2019-2998",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2998"
},
{
"name": "CVE-2019-2974",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2974"
},
{
"name": "CVE-2019-2922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2922"
},
{
"name": "CVE-2019-2910",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2910"
},
{
"name": "CVE-2019-2963",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2963"
},
{
"name": "CVE-2019-2948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2948"
},
{
"name": "CVE-2019-2924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2924"
},
{
"name": "CVE-2019-5443",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5443"
},
{
"name": "CVE-2019-2968",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2968"
},
{
"name": "CVE-2019-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2950"
},
{
"name": "CVE-2019-2960",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2960"
}
],
"initial_release_date": "2019-10-16T00:00:00",
"last_revision_date": "2019-10-16T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-509",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2019-5072832 du 15 octobre 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL"
}
]
}
CERTFR-2019-AVI-341
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 5.7.26 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 4.0.9 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.16 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.6.44 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.14 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.16 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 5.7.26 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 4.0.9 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.16 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.6.44 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.14 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.16 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2808"
},
{
"name": "CVE-2019-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2879"
},
{
"name": "CVE-2019-2730",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2730"
},
{
"name": "CVE-2019-2740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2740"
},
{
"name": "CVE-2019-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2819"
},
{
"name": "CVE-2019-2811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2811"
},
{
"name": "CVE-2019-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2774"
},
{
"name": "CVE-2019-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2803"
},
{
"name": "CVE-2019-2814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2814"
},
{
"name": "CVE-2019-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2780"
},
{
"name": "CVE-2019-2743",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2743"
},
{
"name": "CVE-2019-2737",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2737"
},
{
"name": "CVE-2019-2752",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2752"
},
{
"name": "CVE-2019-2746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2746"
},
{
"name": "CVE-2019-2826",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2826"
},
{
"name": "CVE-2018-15756",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15756"
},
{
"name": "CVE-2019-2778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2778"
},
{
"name": "CVE-2019-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2731"
},
{
"name": "CVE-2019-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2802"
},
{
"name": "CVE-2019-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2800"
},
{
"name": "CVE-2019-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2796"
},
{
"name": "CVE-2019-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2798"
},
{
"name": "CVE-2019-2789",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2789"
},
{
"name": "CVE-2019-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2784"
},
{
"name": "CVE-2019-2758",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2758"
},
{
"name": "CVE-2019-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2810"
},
{
"name": "CVE-2019-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2805"
},
{
"name": "CVE-2019-2785",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2785"
},
{
"name": "CVE-2019-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2797"
},
{
"name": "CVE-2019-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2755"
},
{
"name": "CVE-2019-2822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2822"
},
{
"name": "CVE-2019-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2801"
},
{
"name": "CVE-2019-2747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2747"
},
{
"name": "CVE-2019-3822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3822"
},
{
"name": "CVE-2019-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2791"
},
{
"name": "CVE-2019-2815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2815"
},
{
"name": "CVE-2019-2738",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2738"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2812"
},
{
"name": "CVE-2019-2739",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2739"
},
{
"name": "CVE-2019-2741",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2741"
},
{
"name": "CVE-2019-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2795"
},
{
"name": "CVE-2019-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2834"
},
{
"name": "CVE-2019-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2757"
},
{
"name": "CVE-2019-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2830"
}
],
"initial_release_date": "2019-07-17T00:00:00",
"last_revision_date": "2019-07-17T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-341",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019-5072835 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019verbose-5072838 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html#MSQL"
}
]
}
CERTFR-2019-AVI-175
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | Oracle MySQL Enterprise Monitor versions antérieures à 4.0.8 et 8.0.14 | ||
| Oracle | MySQL | Oracle MySQL Connectors versions antérieures à 5.3.12 et 8.0.15 | ||
| Oracle | MySQL | Oracle MySQL Server versions antérieures à 5.6.43, 5.7.25, 8.0.15 | ||
| Oracle | MySQL | Oracle MySQL Enterprise Backup versions antérieures à 3.12.3 et 4.1.2 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL Enterprise Monitor versions ant\u00e9rieures \u00e0 4.0.8 et 8.0.14",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Connectors versions ant\u00e9rieures \u00e0 5.3.12 et 8.0.15",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Server versions ant\u00e9rieures \u00e0 5.6.43, 5.7.25, 8.0.15",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Enterprise Backup versions ant\u00e9rieures \u00e0 3.12.3 et 4.1.2",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2585"
},
{
"name": "CVE-2019-2628",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2628"
},
{
"name": "CVE-2019-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2589"
},
{
"name": "CVE-2019-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2596"
},
{
"name": "CVE-2019-2630",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2630"
},
{
"name": "CVE-2019-2607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2607"
},
{
"name": "CVE-2019-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2581"
},
{
"name": "CVE-2019-2685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2685"
},
{
"name": "CVE-2019-2632",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2632"
},
{
"name": "CVE-2019-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2566"
},
{
"name": "CVE-2019-2606",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2606"
},
{
"name": "CVE-2018-3123",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3123"
},
{
"name": "CVE-2019-2617",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2617"
},
{
"name": "CVE-2019-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2626"
},
{
"name": "CVE-2019-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2625"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2019-2627",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2627"
},
{
"name": "CVE-2019-2631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2631"
},
{
"name": "CVE-2019-2623",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2623"
},
{
"name": "CVE-2019-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2686"
},
{
"name": "CVE-2019-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2694"
},
{
"name": "CVE-2019-2689",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2689"
},
{
"name": "CVE-2019-2683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2683"
},
{
"name": "CVE-2019-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2624"
},
{
"name": "CVE-2019-2592",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2592"
},
{
"name": "CVE-2019-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2687"
},
{
"name": "CVE-2019-2644",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2644"
},
{
"name": "CVE-2019-2580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2580"
},
{
"name": "CVE-2019-2587",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2587"
},
{
"name": "CVE-2019-2593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2593"
},
{
"name": "CVE-2019-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2692"
},
{
"name": "CVE-2019-2614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2614"
},
{
"name": "CVE-2019-2634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2634"
},
{
"name": "CVE-2019-2695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2695"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-2636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2636"
},
{
"name": "CVE-2019-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2691"
},
{
"name": "CVE-2019-2688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2688"
},
{
"name": "CVE-2019-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2584"
},
{
"name": "CVE-2019-2635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2635"
},
{
"name": "CVE-2019-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2693"
},
{
"name": "CVE-2019-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2620"
},
{
"name": "CVE-2019-2681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2681"
}
],
"initial_release_date": "2019-04-17T00:00:00",
"last_revision_date": "2019-04-17T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-175",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019verbose-5072824 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019-5072813 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
CERTFR-2019-AVI-025
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Connectors versions 2.1.8 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.13 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.7.24 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 4.0.7 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.13 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 8.0.13 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.13 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.6.42 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Connectors versions 2.1.8 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.13 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.24 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 4.0.7 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.13 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.0.13 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.13 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.6.42 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2529",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2529"
},
{
"name": "CVE-2019-2510",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2510"
},
{
"name": "CVE-2018-10933",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10933"
},
{
"name": "CVE-2019-2420",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2420"
},
{
"name": "CVE-2019-2495",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2495"
},
{
"name": "CVE-2019-2486",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2486"
},
{
"name": "CVE-2019-2434",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2434"
},
{
"name": "CVE-2019-2528",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2528"
},
{
"name": "CVE-2019-2530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2530"
},
{
"name": "CVE-2019-2435",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2435"
},
{
"name": "CVE-2019-2494",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2494"
},
{
"name": "CVE-2019-2536",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2536"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2019-2535",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2535"
},
{
"name": "CVE-2019-2532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2532"
},
{
"name": "CVE-2019-2537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2537"
},
{
"name": "CVE-2019-2481",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2481"
},
{
"name": "CVE-2019-2502",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2502"
},
{
"name": "CVE-2019-2436",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2436"
},
{
"name": "CVE-2019-2513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2513"
},
{
"name": "CVE-2019-2531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2531"
},
{
"name": "CVE-2019-2503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2503"
},
{
"name": "CVE-2019-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2533"
},
{
"name": "CVE-2019-2534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2534"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2019-2539",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2539"
},
{
"name": "CVE-2019-2482",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2482"
},
{
"name": "CVE-2019-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2455"
},
{
"name": "CVE-2019-2507",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2507"
}
],
"initial_release_date": "2019-01-16T00:00:00",
"last_revision_date": "2019-01-16T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-025",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2019-5072801 du 15 janvier 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2019verbose-5072807 du 15 janvier 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019verbose-5072807.html#MSQL"
}
]
}
CERTFR-2018-AVI-498
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Server versions 8.0.12 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.5.61 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.12 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.6.41 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.7.23 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 3.4.9.4237 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.2.8191 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 4.0.6.5281 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Server versions 8.0.12 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.5.61 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.12 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.6.41 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.23 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 3.4.9.4237 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.2.8191 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 4.0.6.5281 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-3187",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3187"
},
{
"name": "CVE-2018-3279",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3279"
},
{
"name": "CVE-2018-3283",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3283"
},
{
"name": "CVE-2018-3162",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3162"
},
{
"name": "CVE-2018-3174",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3174"
},
{
"name": "CVE-2018-3284",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3284"
},
{
"name": "CVE-2018-3282",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3282"
},
{
"name": "CVE-2018-3155",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3155"
},
{
"name": "CVE-2018-3170",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3170"
},
{
"name": "CVE-2018-3258",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3258"
},
{
"name": "CVE-2018-3144",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3144"
},
{
"name": "CVE-2018-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3161"
},
{
"name": "CVE-2018-3251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3251"
},
{
"name": "CVE-2018-3173",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3173"
},
{
"name": "CVE-2018-3186",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3186"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2018-3137",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3137"
},
{
"name": "CVE-2018-3286",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3286"
},
{
"name": "CVE-2018-3247",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3247"
},
{
"name": "CVE-2018-3185",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3185"
},
{
"name": "CVE-2018-3133",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3133"
},
{
"name": "CVE-2018-3203",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3203"
},
{
"name": "CVE-2018-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3156"
},
{
"name": "CVE-2018-3182",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3182"
},
{
"name": "CVE-2018-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3145"
},
{
"name": "CVE-2018-11776",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11776"
},
{
"name": "CVE-2018-8014",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8014"
},
{
"name": "CVE-2018-3278",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3278"
},
{
"name": "CVE-2018-3276",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3276"
},
{
"name": "CVE-2018-3285",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3285"
},
{
"name": "CVE-2018-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3212"
},
{
"name": "CVE-2018-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3143"
},
{
"name": "CVE-2018-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3171"
},
{
"name": "CVE-2018-1258",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1258"
},
{
"name": "CVE-2018-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3195"
},
{
"name": "CVE-2018-3277",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3277"
},
{
"name": "CVE-2018-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3200"
},
{
"name": "CVE-2018-3280",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3280"
}
],
"initial_release_date": "2018-10-17T00:00:00",
"last_revision_date": "2018-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-498",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2018verbose du 16 octobre 2018",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018verbose-5170927.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 octobre 2018",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
CERTFR-2018-AVI-349
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Enterprise Monitor versions 3.4.7.4297 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.5.60 et antérieures, versions 5.6.40 et antérieures, versions 5.7.22 et antérieures, versions 8.0.11 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 5.6.40 et antérieures | ||
| Oracle | MySQL | MySQL Client versions 5.5.60 et antérieures, versions 5.6.40 et antérieures, versions 5.7.22 et antérieures, versions 8.0.11 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.0.8131 et antérieures | ||
| Oracle | MySQL | MySQL Workbench versions 6.3.10 et antérieures, versions 8.0.11 et antérieures | ||
| Oracle | MySQL | MySQL Connectors versions 5.3.10 et antérieures, versions 8.0.11 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 4.0.4.5235 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 5.7.22 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Enterprise Monitor versions 3.4.7.4297 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.5.60 et ant\u00e9rieures, versions 5.6.40 et ant\u00e9rieures, versions 5.7.22 et ant\u00e9rieures, versions 8.0.11 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 5.6.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Client versions 5.5.60 et ant\u00e9rieures, versions 5.6.40 et ant\u00e9rieures, versions 5.7.22 et ant\u00e9rieures, versions 8.0.11 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.0.8131 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 6.3.10 et ant\u00e9rieures, versions 8.0.11 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 5.3.10 et ant\u00e9rieures, versions 8.0.11 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 4.0.4.5235 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 5.7.22 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-3066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3066"
},
{
"name": "CVE-2018-3080",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3080"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2018-3061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3061"
},
{
"name": "CVE-2017-0379",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0379"
},
{
"name": "CVE-2018-3079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3079"
},
{
"name": "CVE-2018-3073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3073"
},
{
"name": "CVE-2018-3067",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3067"
},
{
"name": "CVE-2018-3074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3074"
},
{
"name": "CVE-2018-3054",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3054"
},
{
"name": "CVE-2018-3062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3062"
},
{
"name": "CVE-2018-3058",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3058"
},
{
"name": "CVE-2018-3078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3078"
},
{
"name": "CVE-2018-2598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2598"
},
{
"name": "CVE-2018-3081",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3081"
},
{
"name": "CVE-2018-3060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3060"
},
{
"name": "CVE-2017-5645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
},
{
"name": "CVE-2018-3056",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3056"
},
{
"name": "CVE-2018-3063",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3063"
},
{
"name": "CVE-2018-3075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3075"
},
{
"name": "CVE-2018-2767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2767"
},
{
"name": "CVE-2018-3071",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3071"
},
{
"name": "CVE-2018-3064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3064"
},
{
"name": "CVE-2018-3077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3077"
},
{
"name": "CVE-2018-3082",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3082"
},
{
"name": "CVE-2018-3070",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3070"
},
{
"name": "CVE-2018-3084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3084"
},
{
"name": "CVE-2018-3065",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3065"
}
],
"initial_release_date": "2018-07-18T00:00:00",
"last_revision_date": "2018-07-18T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-349",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2018-4258247 du 17 juillet 2018",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2018verbose-4258253 du 17 juillet 2018",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018verbose-4258253.html#MSQL"
}
]
}
CERTFR-2018-AVI-191
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Enterprise Monitor versions 4.0.2.5168 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 3.3.7.3306 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.4.14 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.5.5 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.2.27 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.5.59 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.3.16 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 3.4.5.4248 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.6.39 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 5.7.21 et antérieures |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Enterprise Monitor versions 4.0.2.5168 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 3.3.7.3306 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.4.14 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.5.5 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.2.27 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.5.59 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.3.16 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 3.4.5.4248 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.6.39 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.21 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-2839",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2839"
},
{
"name": "CVE-2018-2766",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2766"
},
{
"name": "CVE-2018-2775",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2775"
},
{
"name": "CVE-2018-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2805"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2018-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2817"
},
{
"name": "CVE-2018-2759",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2759"
},
{
"name": "CVE-2018-2762",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2762"
},
{
"name": "CVE-2018-2818",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2818"
},
{
"name": "CVE-2018-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2755"
},
{
"name": "CVE-2018-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2877"
},
{
"name": "CVE-2018-2758",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2758"
},
{
"name": "CVE-2018-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2773"
},
{
"name": "CVE-2018-2846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2846"
},
{
"name": "CVE-2018-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2781"
},
{
"name": "CVE-2018-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2784"
},
{
"name": "CVE-2018-2816",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2816"
},
{
"name": "CVE-2018-2769",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2769"
},
{
"name": "CVE-2018-2786",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2786"
},
{
"name": "CVE-2018-2812",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2812"
},
{
"name": "CVE-2018-2771",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2771"
},
{
"name": "CVE-2016-9878",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9878"
},
{
"name": "CVE-2018-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2780"
},
{
"name": "CVE-2018-2782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2782"
},
{
"name": "CVE-2018-2819",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2819"
},
{
"name": "CVE-2018-2813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2813"
},
{
"name": "CVE-2018-2778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2778"
},
{
"name": "CVE-2018-2776",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2776"
},
{
"name": "CVE-2018-2787",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2787"
},
{
"name": "CVE-2018-2777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2777"
},
{
"name": "CVE-2018-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2761"
},
{
"name": "CVE-2018-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2810"
},
{
"name": "CVE-2018-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2779"
}
],
"initial_release_date": "2018-04-18T00:00:00",
"last_revision_date": "2018-04-18T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-191",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2018verbose-3678067 du 17 avril 2018",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2018-3678067 du 17 avril 2018",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
}
]
}