[FREEBSD:C9387E4D-2F5F-11EC-8BE6-D4C9EF517024] MySQL -- Multiple vulnerabilities

Severity Critical

Affected Packages 7

CVEs 58

Oracle reports:

  This Critical Patch Update contains 66 new security patches for
    Oracle MySQL. 8 of these vulnerabilities may be remotely exploitable
    without authentication, i.e., may be exploited over a network without
    requiring user credentials.
    The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
    MySQL is 9.8.
  Note: MariaDB only vulnerable against CVE-2021-35604

Package	Affected Version
pkg:freebsd/mysql80-server	< 8.0.27
pkg:freebsd/mysql80-client	< 8.0.27
pkg:freebsd/mysql57-server	< 5.7.36
pkg:freebsd/mysql-connector-java	< 8.0.27
pkg:freebsd/mariadb105-server	< 10.5.13
pkg:freebsd/mariadb104-server	< 10.4.22
pkg:freebsd/mariadb103-server	< 10.3.32

ID

FREEBSD:C9387E4D-2F5F-11EC-8BE6-D4C9EF517024

Severity

critical

Severity from

CVE-2021-22931

URL

http://vuxml.freebsd.org/freebsd/c9387e4d-2f5f-11ec-8be6-d4c9ef517024.html

Published

2021-10-16T00:00:00
(2 years ago)

Modified

2021-10-17T00:00:00
(2 years ago)

Rights

FreeBSD VuXML Security Team

Other Advisories

Source	# ID	Name	URL
FreeBSD VuXML			https://www.oracle.com/security-alerts/cpuoct2021.html

Type	Package URL	Name / Product	Version
Affected	pkg:freebsd/mysql80-server	mysql80-server	< 8.0.27
Affected	pkg:freebsd/mysql80-client	mysql80-client	< 8.0.27
Affected	pkg:freebsd/mysql57-server	mysql57-server	< 5.7.36
Affected	pkg:freebsd/mysql-connector-java	mysql-connector-java	< 8.0.27
Affected	pkg:freebsd/mariadb105-server	mariadb105-server	< 10.5.13
Affected	pkg:freebsd/mariadb104-server	mariadb104-server	< 10.4.22
Affected	pkg:freebsd/mariadb103-server	mariadb103-server	< 10.3.32

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date