{ "document": { "aggregate_severity": { "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Update to MySQL 8.0.41\n- CVEs fixed:\n CVE-2024-21101 CVE-2025-21559 CVE-2025-21555 CVE-2025-21546 CVE-2025-21543\n CVE-2025-21540 CVE-2025-21531 CVE-2025-21529 CVE-2025-21523 CVE-2025-21522\n CVE-2025-21520 CVE-2025-21519 CVE-2025-21518 CVE-2025-21505 CVE-2025-21504\n CVE-2025-21503 CVE-2025-21501 CVE-2025-21500 CVE-2025-21497 CVE-2025-21491\n CVE-2025-21490 CVE-2024-11053 CVE-2024-7264", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1741637440.json" } ], "tracking": { "current_release_date": "2026-05-12T21:44:47Z", "generator": { "date": "2026-05-12T21:44:47Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1741637440", "initial_release_date": "2025-03-10T16:10:42Z", "revision_history": [ { "date": "2025-03-10T16:10:42Z", "number": "1", "summary": "Initial version" }, { "date": "2026-05-12T21:44:47Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "mysql: Fix of 23 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-common@8.0.41-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-devel@8.0.41-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-errmsg@8.0.41-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-libs@8.0.41-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-test@8.0.41-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql@8.0.41-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-server@8.0.41-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-test@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-common@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-server@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-libs@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-devel@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product": { "name": "mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_id": "mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/mysql-errmsg@8.0.40-1.el9_2.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" }, "product_reference": "mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-21518", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21518" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21540", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21540" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21497", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21497" } ], "release_date": "2025-01-21T20:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:52:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21531", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21531" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21501", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21501" } ], "release_date": "2025-01-21T20:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:52:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21503", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21503" } ], "release_date": "2025-01-21T20:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:52:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21500", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21500" } ], "release_date": "2025-01-21T20:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:52:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21546", "cwe": { "id": "CWE-269", "name": "Improper Privilege Management" }, "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21546" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-21529", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21529" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-7264", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an\nASN.1 Generalized Time field. If given an syntactically incorrect field, the\nparser might end up using -1 for the length of the *time fraction*, leading to\na `strlen()` getting performed on a pointer to a heap buffer area that is not\n(purposely) null terminated.\n\nThis flaw most likely leads to a crash, but can also lead to heap contents\ngetting returned to the application when\n[CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-7264" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/07/31/1", "url": "http://www.openwall.com/lists/oss-security/2024/07/31/1" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2024-7264.html", "url": "https://curl.se/docs/CVE-2024-7264.html" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2024-7264.json", "url": "https://curl.se/docs/CVE-2024-7264.json" }, { "category": "external", "summary": "https://hackerone.com/reports/2629968", "url": "https://hackerone.com/reports/2629968" }, { "category": "external", "summary": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519", "url": "https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240828-0008/", "url": "https://security.netapp.com/advisory/ntap-20240828-0008/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241025-0006/", "url": "https://security.netapp.com/advisory/ntap-20241025-0006/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241025-0010/", "url": "https://security.netapp.com/advisory/ntap-20241025-0010/" } ], "release_date": "2024-07-31T08:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2024-07-31T08:15:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21555", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21555" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21504", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21504" } ], "release_date": "2025-01-21T20:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:52:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21519", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21519" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21523", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21523" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21490", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21490" } ], "release_date": "2025-01-21T20:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:52:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-21101", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-21101" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240426-0015/", "url": "https://security.netapp.com/advisory/ntap-20240426-0015/" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuapr2024.html", "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" } ], "release_date": "2024-04-16T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2024-04-16T22:15:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21522", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21522" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21491", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21491" } ], "release_date": "2025-01-21T20:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:52:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21505", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21505" } ], "release_date": "2025-01-21T20:52:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:52:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21543", "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21543" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21559", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21559" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-11053", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "description", "text": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-11053" } ], "release_date": "2024-12-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2024-12-11T00:00:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-21520", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "notes": [ { "category": "description", "text": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 1.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21520" } ], "release_date": "2025-01-21T20:53:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T16:10:42Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1741637440" }, { "category": "none_available", "date": "2025-01-21T20:53:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:mysql-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.40-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.40-1.el9_2.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:mysql-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-common-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-devel-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-errmsg-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-libs-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-server-0:8.0.41-1.el9_2.tuxcare.els1.x86_64", "AlmaLinux-9.2:mysql-test-0:8.0.41-1.el9_2.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] } ] }