CVE-2021-2006 — Oracle Mysql vulnerability

12 documents10 sources

Severity

5.3MEDIUMNVD

GHSA7.5

EPSS

1.1%

top 21.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmailer Oracle Mysql Oracle Corporation Mysql Server +1 more

Timeline

PublishedJan 20

Latest updateFeb 2

Description

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages3 packages

▶NVDoracle/mysql8.0.0 — 8.0.19

▶CVEListV5oracle_corporation/mysql_server8.0.19 and prior

▶Packagistphpmailer/phpmailer< 5.2.0

Also affects: Fedora 32, 33

🔴Vulnerability Details

GHSA

PHPMailer Local file inclusion↗2024-02-02

▶

GHSA

GHSA-wc6g-g9wj-mchg: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API)↗2022-05-24

▶

CVEList

CVE-2021-2006: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API)↗2021-01-20

▶

OSV

CVE-2021-2006: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API)↗2021-01-20

▶

💥Exploits & PoCs

Exploit-DB

Fully Modded phpBB 2021.4.40 - Multiple File Inclusions↗2006-10-23

▶

📋Vendor Advisories

Red Hat

mysql: C API unspecified vulnerability (CPU Jan 2021)↗2021-01-19

▶

Oracle

Oracle Oracle MySQL Risk Matrix: C API — CVE-2021-2006↗2021-01-15

▶

Debian

CVE-2021-2006: mysql-8.0 - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Su...↗2021

▶

🕵️Threat Intelligence

Trendmicro

RCE Bug Returns in ISC BIND Server↗2021-02-25

▶