Rewterz Threat Advisory – Multiple Oracle MySQL Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-2201

The vulnerability in Oracle MySQL allows a local privileged user to perform a denial of service (DoS) attack. The vulnerability is related to the Server: Partition component in MySQL Server. A privileged remote attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

CVE-2021-2208

The vulnerability in Oracle MySQL allows a local privileged user to perform a denial of service (DoS) attack. The vulnerability is related to the Server: Partition component in MySQL Server. A privileged remote attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

CVE-2021-2215

The vulnerability in Oracle MySQL allows a local privileged user to perform a denial of service (DoS) attack. The vulnerability is related to the Server: Stored Procedure component in MySQL Server. A privileged remote attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

CVE-2021-2226

The vulnerability allows a remote privileged user to gain access to sensitive information. The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit the vulnerability which results in a low confidentiality impact using unknown attack vectors.

CVE-2021-2217

The vulnerability in Oracle MySQL allows a local privileged user to perform a denial of service (DoS) attack. The vulnerability is related to the Server: Stored Procedure component in MySQL Server. A privileged remote attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

CVE-2021-2232

The vulnerability in Oracle MySQL allows a local privileged user to perform service disruption. The vulnerability is related to the Server: Group Replication Plugin component that allows unauthenticated attackers to cause a denial of service (DoS) condition. The vulnerability results in a low availability impact using unknown attack vectors.

CVE-2021-2278

The vulnerability in Oracle MySQL allows a remote privileged user to perform a denial of service (DoS) attack. The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service (DoS) attack.

CVE-2021-2293

The vulnerability in Oracle MySQL allows a remote privileged user to perform a denial of service (DoS) attack. The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service (DoS) attack.

CVE-2021-2299

The vulnerability in Oracle MySQL allows a remote privileged user to perform a denial of service (DoS) attack. The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service (DoS) attack.

CVE-2021-2300

The vulnerability in Oracle MySQL allows a remote privileged user to perform a denial of service (DoS) attack. The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service (DoS) attack.

CVE-2021-2301

The vulnerability allows a remote privileged user to gain access to sensitive information. The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit the vulnerability which results in a low confidentiality impact using unknown attack vectors.

CVE-2021-2304

The vulnerability allows a remote privileged user to damage or delete data. The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit the vulnerability which results in damage or deletion of data.

CVE-2021-2305

The vulnerability in Oracle MySQL allows a remote privileged user to perform a denial of service (DoS) attack. The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit the vulnerability to perform a denial of service (DoS) attack.

CVE-2021-2307

The vulnerability allows a local non-authenticated user to read and manipulate data. The vulnerability exists due to improper input validation within the Server: Packaging component in MySQL Server. A local non-authenticated attacker can exploit this vulnerability to read and manipulate data.

CVE-2021-2308

The vulnerability in Oracle MySQL allows a remote privileged user to gain access to sensitive information. The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit the vulnerability which results in a low confidentiality impact using unknown attack vectors.

Impact

  • Denial of Service
  • Information Disclosure

Affected Vendors

Oracle

Affected Products

MySQL Server

  • versions 5.7.33 and prior
  • versions 8.0.23 and prior

Remediation

Refer to Oracle Critical Patch Update Advisory – April 2021 for patches, upgrades, or suggested workaround information at

https://www.oracle.com/security-alerts/cpuapr2021.html
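
To build a patch queue from the affected versions listed under Affected Products, the following added example (not part of the original advisory) classifies `SELECT VERSION()` strings per release series. The host names and sample inventory are constructed, and treating fork builds and unlisted series as "review" is an assumption of this sketch.

```python
import re

# Highest affected release per series, from the advisory's "Affected Products".
LAST_AFFECTED = {(5, 7): 33, (8, 0): 23}

# Assumption: fork builds (e.g. "10.5.9-MariaDB") use their own numbering,
# so they cannot be compared against Oracle release numbers.
FORK_MARKERS = ("mariadb",)

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def triage(version_string):
    """Classify one SELECT VERSION() value.

    Returns 'affected' (inside the advisory's range), 'not-affected'
    (newer than the range in a listed series) or 'review' (unparseable,
    a fork, or a series the advisory does not list).
    """
    match = VERSION_RE.match(version_string)
    if match is None:
        return "review"
    if any(marker in version_string.lower() for marker in FORK_MARKERS):
        return "review"
    major, minor, patch = map(int, match.groups())
    last = LAST_AFFECTED.get((major, minor))
    if last is None:
        return "review"
    return "affected" if patch <= last else "not-affected"


def triage_inventory(inventory):
    """Return {host: status}, affected hosts first, then review, then the rest."""
    order = {"affected": 0, "review": 1, "not-affected": 2}
    results = {host: triage(version) for host, version in inventory.items()}
    return dict(sorted(results.items(), key=lambda kv: (order[kv[1]], kv[0])))


# Constructed sample inventory: host name -> SELECT VERSION() output.
SAMPLE = {
    "db-01": "5.7.33-log",
    "db-02": "8.0.23-0ubuntu0.20.04.1",
    "db-03": "8.0.24",
    "db-04": "5.7.34-log",
    "db-05": "10.5.9-MariaDB",
    "db-06": "5.6.51",
    "db-07": "unknown",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}\t{SAMPLE[host]}\t{status}")
```

Hosts reported as "review" need a manual check against the Oracle advisory linked above.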