diff options
| author | Muhammad Moinur Rahman <bofh@FreeBSD.org> | 2025-10-01 11:43:34 +0200 |
|---|---|---|
| committer | Muhammad Moinur Rahman <bofh@FreeBSD.org> | 2025-10-01 11:44:24 +0200 |
| commit | 810b7de4a97eabe84831064a04d78e5b2db57b40 (patch) | |
| tree | 224789c7e93c9ecb3b6698a2be252b2ea9ad1558 | |
| parent | databases/py-mysql-connector-python: Update version 8.3.0=>9.4.0 (diff) | |
security/vuxml: Add entry for py-mysql-connector-python
PR: 289934
Reported by: patrik@hildingsson.se
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 867eb00f1ccc..3a34965f0df5 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,44 @@ + <vuln vid="cb570d6f-9ea9-11f0-9446-f02f7497ecda"> + <topic>py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL</topic> + <affects> + <package> + <name>py39-mysql-connector-python</name> + <name>py310-mysql-connector-python</name> + <name>py311-mysql-connector-python</name> + <name>py312-mysql-connector-python</name> + <range><lt>9.2.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Oracle reports:</p> + <blockquote cite="https://www.oracle.com/security-alerts/cpujan2025.html"> + <p>Vulnerability in the MySQL Connectors product of Oracle MySQL + (component: Connector/Python). Supported versions that are affected are + 9.1.0 and prior. Easily exploitable vulnerability allows high privileged + attacker with network access via multiple protocols to compromise MySQL + Connectors. Successful attacks require human interaction from a person + other than the attacker. Successful attacks of this vulnerability can + result in unauthorized creation, deletion or modification access to + critical data or all MySQL Connectors accessible data as well as + unauthorized read access to a subset of MySQL Connectors accessible data + and unauthorized ability to cause a hang or frequently repeatable crash + (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.4 + (Confidentiality, Integrity and Availability impacts). CVSS Vector: + (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-21548</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-21548</url> + </references> + <dates> + <discovery>2025-01-21</discovery> + <entry>2025-10-01</entry> + </dates> + </vuln> + <vuln vid="00e912c5-9e92-11f0-bc5f-8447094a420f"> <topic>OpenSSL -- multiple vulnerabilities</topic> <affects> |