Rewterz Threat Advisory – Multiple Cisco Vulnerabilities
October 21, 2021
Rewterz Threat Advisory – Multiple Oracle Essbase Administration Server Vulnerabilities
October 21, 2021
Severity
Medium
Analysis Summary
CVE-2021-35592
An unspecified vulnerability in Oracle MySQL related to the Cluster: General component could allow an authenticated attacker to take control of the system.
CVE-2021-35591
An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35590
An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to take control of the system.
CVE-2021-35584
An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: ndbcluster/plugin DDL component could allow an authenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVE-2021-35583
An unspecified vulnerability in Oracle MySQL Server related to the Server: Windows component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35648
An unspecified vulnerability in MySQL Server related to the Server: FTS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35647
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35646
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35644; CVE-2021-35643; CVE-2021-35642; CVE-2021-35641
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35640
An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow an authenticated attacker to cause a low integrity impact, with no confidentiality or availability impact.
CVE-2021-35639
An unspecified vulnerability in Oracle MySQL Server related to the Server: Stored Procedure component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35638
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35637
An unspecified vulnerability in Oracle MySQL Server related to the Server: PS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35636
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35634
An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVE-2021-35633
An unspecified vulnerability in Oracle MySQL Server related to the Server: Logging component could allow an authenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVE-2021-35632
An unspecified vulnerability in Oracle MySQL Server related to the Server: Data Dictionary component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
Impact
- Unauthorized Access
- Denial of Service
Affected Vendors
Oracle
Affected Products
- Oracle MySQL Cluster 7.5.23
- Oracle MySQL Cluster 7.6.19
- Oracle MySQL Server 8.0.25
- Oracle MySQL Server 8.0.26
- Oracle MySQL Cluster 7.4.33
- Oracle MySQL Cluster 8.0.26
- Oracle MySQL Server 8.0.24
Remediation
Refer to the Oracle Critical Patch Update Advisory for patch, upgrade, or suggested workaround information.