Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-175
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | Oracle MySQL Enterprise Monitor versions antérieures à 4.0.8 et 8.0.14 | ||
| Oracle | MySQL | Oracle MySQL Connectors versions antérieures à 5.3.12 et 8.0.15 | ||
| Oracle | MySQL | Oracle MySQL Server versions antérieures à 5.6.43, 5.7.25, 8.0.15 | ||
| Oracle | MySQL | Oracle MySQL Enterprise Backup versions antérieures à 3.12.3 et 4.1.2 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle MySQL Enterprise Monitor versions ant\u00e9rieures \u00e0 4.0.8 et 8.0.14",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Connectors versions ant\u00e9rieures \u00e0 5.3.12 et 8.0.15",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Server versions ant\u00e9rieures \u00e0 5.6.43, 5.7.25, 8.0.15",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL Enterprise Backup versions ant\u00e9rieures \u00e0 3.12.3 et 4.1.2",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2585"
},
{
"name": "CVE-2019-2628",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2628"
},
{
"name": "CVE-2019-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2589"
},
{
"name": "CVE-2019-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2596"
},
{
"name": "CVE-2019-2630",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2630"
},
{
"name": "CVE-2019-2607",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2607"
},
{
"name": "CVE-2019-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2581"
},
{
"name": "CVE-2019-2685",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2685"
},
{
"name": "CVE-2019-2632",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2632"
},
{
"name": "CVE-2019-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2566"
},
{
"name": "CVE-2019-2606",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2606"
},
{
"name": "CVE-2018-3123",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3123"
},
{
"name": "CVE-2019-2617",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2617"
},
{
"name": "CVE-2019-2626",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2626"
},
{
"name": "CVE-2019-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2625"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2019-2627",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2627"
},
{
"name": "CVE-2019-2631",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2631"
},
{
"name": "CVE-2019-2623",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2623"
},
{
"name": "CVE-2019-2686",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2686"
},
{
"name": "CVE-2019-2694",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2694"
},
{
"name": "CVE-2019-2689",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2689"
},
{
"name": "CVE-2019-2683",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2683"
},
{
"name": "CVE-2019-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2624"
},
{
"name": "CVE-2019-2592",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2592"
},
{
"name": "CVE-2019-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2687"
},
{
"name": "CVE-2019-2644",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2644"
},
{
"name": "CVE-2019-2580",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2580"
},
{
"name": "CVE-2019-2587",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2587"
},
{
"name": "CVE-2019-2593",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2593"
},
{
"name": "CVE-2019-2692",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2692"
},
{
"name": "CVE-2019-2614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2614"
},
{
"name": "CVE-2019-2634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2634"
},
{
"name": "CVE-2019-2695",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2695"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-2636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2636"
},
{
"name": "CVE-2019-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2691"
},
{
"name": "CVE-2019-2688",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2688"
},
{
"name": "CVE-2019-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2584"
},
{
"name": "CVE-2019-2635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2635"
},
{
"name": "CVE-2019-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2693"
},
{
"name": "CVE-2019-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2620"
},
{
"name": "CVE-2019-2681",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2681"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-175",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019verbose-5072824 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019-5072813 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
CVE-2019-2606 (GCVE-0-2019-2606)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:46
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:46.747212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:46:38.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:07",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K52514501",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2606",
"datePublished": "2019-04-23T18:16:40",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:46:38.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2694 (GCVE-0-2019-2694)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:39
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:23.072667Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:39:31.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:18",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K04246541",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2694",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:39:31.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2625 (GCVE-0-2019-2625)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:45
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:34.035017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:45:21.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:19",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K43540241",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2625",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:45:21.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2607 (GCVE-0-2019-2607)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:46
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2607",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:45.652831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:46:32.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:08",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K52514501",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2607",
"datePublished": "2019-04-23T18:16:40",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:46:32.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2626 (GCVE-0-2019-2626)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:45
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2626",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:32.708706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:45:15.826Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:21",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K43540241",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2626",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:45:15.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2687 (GCVE-0-2019-2687)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:40
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2687",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:29.155010Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:40:08.980Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:16",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K28312671",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2687",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:40:08.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2585 (GCVE-0-2019-2585)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:48
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:01:06.181229Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:48:36.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:08",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K54470776",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2585",
"datePublished": "2019-04-23T18:16:40",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:48:36.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2681 (GCVE-0-2019-2681)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:40
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:35.971197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:40:49.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:20",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K42793451",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2681",
"datePublished": "2019-04-23T18:16:43",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:40:49.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2632 (GCVE-0-2019-2632)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:58
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
5.7.25 and prior
Affected: 8.0.15 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2632",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:52:58.616823Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:58:55.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "5.7.25 and prior"
},
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T14:06:15",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.25 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K32798641",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "USN-3957-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2632",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:58:55.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2628 (GCVE-0-2019-2628)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:44
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
5.7.25 and prior
Affected: 8.0.15 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "USN-4070-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4070-3/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "openSUSE-SU-2019:1913",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1915",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "RHSA-2019:3708",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3708"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2628",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:30.380817Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:44:57.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "5.7.25 and prior"
},
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:53",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "USN-4070-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4070-3/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "openSUSE-SU-2019:1913",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1915",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "RHSA-2019:3708",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3708"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.25 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K32798641",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "USN-3957-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "USN-4070-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4070-3/"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "openSUSE-SU-2019:1913",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1915",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "RHSA-2019:3708",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3708"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2628",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:44:57.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2593 (GCVE-0-2019-2593)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:47
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:56.183359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:47:44.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:09",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K54470776",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2593",
"datePublished": "2019-04-23T18:16:40",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:47:44.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2620 (GCVE-0-2019-2620)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:45
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:39.383344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:45:55.063Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:09",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K43540241",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2620",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:45:55.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2695 (GCVE-0-2019-2695)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:39
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:21.984026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:39:20.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:16",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K04246541",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2695",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:39:20.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2691 (GCVE-0-2019-2691)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:39
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:25.375218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:39:49.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:14",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K04246541",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2691",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:39:49.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2617 (GCVE-0-2019-2617)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:46
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.388Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:41.530316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:46:08.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:07",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K52514501",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2617",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:46:08.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2689 (GCVE-0-2019-2689)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:39
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:26.364708Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:39:55.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:20",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K04246541",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2689",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:39:55.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2566 (GCVE-0-2019-2566)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:49
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
5.7.25 and prior
Affected: 8.0.15 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-1/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2566",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:01:18.872839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:49:53.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "5.7.25 and prior"
},
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-29T14:06:15",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.25 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K58502649",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "USN-3957-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2566",
"datePublished": "2019-04-23T18:16:39",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:49:53.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2581 (GCVE-0-2019-2581)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:49
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
5.7.25 and prior
Affected: 8.0.15 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2581",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:01:09.447117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:49:01.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "5.7.25 and prior"
},
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:07",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.25 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K58502649",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "USN-3957-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2581",
"datePublished": "2019-04-23T18:16:39",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:49:01.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3123 (GCVE-0-2018-3123)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:50
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: libmysqld). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Severity ?
No CVSS data available.
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
5.6.42 and prior
Affected: 5.7.24 and prior Affected: 8.0.13 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:43:35.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K58502649"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-3123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:01:24.407223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:50:34.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "5.6.42 and prior"
},
{
"status": "affected",
"version": "5.7.24 and prior"
},
{
"status": "affected",
"version": "8.0.13 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: libmysqld). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-25T05:06:03",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K58502649"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.42 and prior"
},
{
"version_affected": "=",
"version_value": "5.7.24 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.13 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: libmysqld). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K58502649",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K58502649"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2018-3123",
"datePublished": "2019-04-23T18:16:38",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-10-02T15:50:34.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2636 (GCVE-0-2019-2636)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:44
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Procotol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Procotol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:22.522458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:44:17.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Procotol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Procotol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:11",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Procotol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with network access via MySQL Procotol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K42793451",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2636",
"datePublished": "2019-04-23T18:16:42",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:44:17.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1559 (GCVE-0-2019-1559)
Vulnerability from cvelistv5 – Published: 2019-02-27 23:00 – Updated: 2024-09-17 04:20
VLAI?
EPSS
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
Severity ?
No CVSS data available.
CWE
- Padding Oracle
Assigner
References
Impacted products
Credits
Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:27.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107174",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "GLSA-201903-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "USN-3899-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "DSA-4400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "openSUSE-SU-2019:1076",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "openSUSE-SU-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1432",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "RHSA-2019:2304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3929",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
}
],
"datePublic": "2019-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Padding Oracle",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:42:01",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "107174",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "GLSA-201903-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "USN-3899-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "DSA-4400",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "openSUSE-SU-2019:1076",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "openSUSE-SU-2019:1175",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1432",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "RHSA-2019:2304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2439",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2471",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3929",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "0-byte record padding oracle",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2019-02-26",
"ID": "CVE-2019-1559",
"STATE": "PUBLIC",
"TITLE": "0-byte record padding oracle"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
"value": "Moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Padding Oracle"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107174"
},
{
"name": "GLSA-201903-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"name": "USN-3899-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3899-1/"
},
{
"name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
},
{
"name": "DSA-4400",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4400"
},
{
"name": "openSUSE-SU-2019:1076",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
},
{
"name": "openSUSE-SU-2019:1105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
},
{
"name": "openSUSE-SU-2019:1173",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
},
{
"name": "openSUSE-SU-2019:1175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
},
{
"name": "openSUSE-SU-2019:1432",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
},
{
"name": "openSUSE-SU-2019:1637",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
},
{
"name": "RHSA-2019:2304",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "RHSA-2019:2439",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2439"
},
{
"name": "RHSA-2019:2437",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2437"
},
{
"name": "RHSA-2019:2471",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2471"
},
{
"name": "FEDORA-2019-db06efdea1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3929",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3929"
},
{
"name": "RHSA-2019:3931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3931"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "USN-4376-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4376-2/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190301-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190301-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
},
{
"name": "https://www.openssl.org/news/secadv/20190226.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20190226.txt"
},
{
"name": "https://support.f5.com/csp/article/K18549143",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K18549143"
},
{
"name": "https://www.tenable.com/security/tns-2019-02",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-02"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"name": "https://www.tenable.com/security/tns-2019-03",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2019-03"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
},
{
"name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2019-1559",
"datePublished": "2019-02-27T23:00:00Z",
"dateReserved": "2018-11-28T00:00:00",
"dateUpdated": "2024-09-17T04:20:35.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2587 (GCVE-0-2019-2587)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:48
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2587",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:01:03.768954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:48:23.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:09",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K54470776",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2587",
"datePublished": "2019-04-23T18:16:40",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:48:23.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2688 (GCVE-0-2019-2688)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:40
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:27.719085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:40:01.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:17",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K28312671",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2688",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:40:01.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2614 (GCVE-0-2019-2614)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:46
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
5.6.43 and prior
Affected: 5.7.25 and prior Affected: 8.0.15 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "USN-3957-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-2/"
},
{
"name": "USN-3957-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-3/"
},
{
"name": "RHSA-2019:2327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2327"
},
{
"name": "USN-4070-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4070-3/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "openSUSE-SU-2019:1913",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1915",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
},
{
"name": "RHSA-2019:3708",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3708"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2614",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:44.058591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:46:24.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "5.6.43 and prior"
},
{
"status": "affected",
"version": "5.7.25 and prior"
},
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:48",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "USN-3957-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-2/"
},
{
"name": "USN-3957-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-3/"
},
{
"name": "RHSA-2019:2327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2327"
},
{
"name": "USN-4070-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4070-3/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "openSUSE-SU-2019:1913",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1915",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
},
{
"name": "RHSA-2019:3708",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3708"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.43 and prior"
},
{
"version_affected": "=",
"version_value": "5.7.25 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K52514501",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "USN-3957-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "USN-3957-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-2/"
},
{
"name": "USN-3957-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-3/"
},
{
"name": "RHSA-2019:2327",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2327"
},
{
"name": "USN-4070-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4070-3/"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "openSUSE-SU-2019:1913",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1915",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
},
{
"name": "RHSA-2019:3708",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3708"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2614",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:46:24.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2631 (GCVE-0-2019-2631)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:44
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:26.270595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:44:35.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:12",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K32798641",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2631",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:44:35.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2596 (GCVE-0-2019-2596)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:47
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:43.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2596",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:53.626490Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:47:32.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:09",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K52514501",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K52514501"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2596",
"datePublished": "2019-04-23T18:16:40",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:47:32.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2683 (GCVE-0-2019-2683)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:40
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
5.6.43 and prior
Affected: 5.7.25 and prior Affected: 8.0.15 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:33.570139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:40:34.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "5.6.43 and prior"
},
{
"status": "affected",
"version": "5.7.25 and prior"
},
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:14",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.43 and prior"
},
{
"version_affected": "=",
"version_value": "5.7.25 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K28312671",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "USN-3957-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2683",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:40:34.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2693 (GCVE-0-2019-2693)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:39
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:24.050517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:39:41.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:11",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K04246541",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K04246541"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2693",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:39:41.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2686 (GCVE-0-2019-2686)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:40
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2686",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:30.306465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:40:15.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:11",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K28312671",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2686",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:40:15.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2627 (GCVE-0-2019-2627)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:45
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
5.6.43 and prior
Affected: 5.7.25 and prior Affected: 8.0.15 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "USN-3957-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-2/"
},
{
"name": "USN-3957-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-3/"
},
{
"name": "RHSA-2019:2327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2327"
},
{
"name": "USN-4070-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4070-3/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "openSUSE-SU-2019:1913",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1915",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "RHSA-2019:3708",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3708"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:31.512592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:45:07.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "5.6.43 and prior"
},
{
"status": "affected",
"version": "5.7.25 and prior"
},
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:47",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "USN-3957-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-2/"
},
{
"name": "USN-3957-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-3/"
},
{
"name": "RHSA-2019:2327",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2327"
},
{
"name": "USN-4070-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4070-3/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "openSUSE-SU-2019:1913",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1915",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "RHSA-2019:3708",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3708"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.43 and prior"
},
{
"version_affected": "=",
"version_value": "5.7.25 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K32798641",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "USN-3957-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "USN-3957-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-2/"
},
{
"name": "USN-3957-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-3/"
},
{
"name": "RHSA-2019:2327",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2327"
},
{
"name": "USN-4070-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4070-3/"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "openSUSE-SU-2019:1913",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00035.html"
},
{
"name": "openSUSE-SU-2019:1915",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00032.html"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "RHSA-2019:3708",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3708"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2627",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:45:07.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2635 (GCVE-0-2019-2635)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:44
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:23.561905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:44:23.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:20",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K42793451",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2635",
"datePublished": "2019-04-23T18:16:42",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:44:23.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2685 (GCVE-0-2019-2685)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:40
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:59:31.231089Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:40:21.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:14",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K28312671",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K28312671"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2685",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:40:21.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2592 (GCVE-0-2019-2592)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:47
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
5.7.25 and prior
Affected: 8.0.15 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:57.787085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:47:51.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "5.7.25 and prior"
},
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:09",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "USN-3957-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.25 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K54470776",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "USN-3957-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3957-1/"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2592",
"datePublished": "2019-04-23T18:16:40",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:47:51.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2634 (GCVE-0-2019-2634)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:44
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:24.703049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:44:29.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:10",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K42793451",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2634",
"datePublished": "2019-04-23T18:16:42",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:44:29.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2630 (GCVE-0-2019-2630)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:44
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2630",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:28.147493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:44:42.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:21",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K32798641",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K32798641"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2630",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:44:42.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2584 (GCVE-0-2019-2584)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:48
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:01:06.934556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:48:47.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:08",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K58502649",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2584",
"datePublished": "2019-04-23T18:16:39",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:48:47.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2623 (GCVE-0-2019-2623)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:45
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2623",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:36.451959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:45:35.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:17",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K43540241",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2623",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:45:35.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2580 (GCVE-0-2019-2580)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:49
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2580",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:01:10.483255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:49:07.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:07",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K58502649",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K58502649"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2580",
"datePublished": "2019-04-23T18:16:39",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:49:07.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2624 (GCVE-0-2019-2624)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:45
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:35.215447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:45:29.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:09",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K43540241",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K43540241"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2624",
"datePublished": "2019-04-23T18:16:41",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:45:29.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0734 (GCVE-0-2018-0734)
Vulnerability from cvelistv5 – Published: 2018-10-30 12:00 – Updated: 2024-09-16 23:10
VLAI?
EPSS
Summary
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Severity ?
No CVSS data available.
CWE
- Constant time issue
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
Credits
Samuel Weiser
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "USN-3840-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name": "DSA-4355",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"name": "105758",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105758"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
},
{
"name": "DSA-4348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20181030.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"name": "openSUSE-SU-2019:1547",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "openSUSE-SU-2019:1814",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
},
{
"name": "RHSA-2019:2304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "FEDORA-2019-db06efdea1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"name": "RHSA-2019:3933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Samuel Weiser"
}
],
"datePublic": "2018-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Low",
"value": "Low"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Constant time issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T21:06:42",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "USN-3840-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name": "DSA-4355",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"name": "105758",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105758"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
},
{
"name": "DSA-4348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv/20181030.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"name": "openSUSE-SU-2019:1547",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "openSUSE-SU-2019:1814",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
},
{
"name": "RHSA-2019:2304",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "FEDORA-2019-db06efdea1",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"name": "RHSA-2019:3933",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "Timing attack against DSA",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2018-10-30",
"ID": "CVE-2018-0734",
"STATE": "PUBLIC",
"TITLE": "Timing attack against DSA"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
},
{
"version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
},
{
"version_value": "Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Samuel Weiser"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Low",
"value": "Low"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Constant time issue"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "USN-3840-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name": "DSA-4355",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181105-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f"
},
{
"name": "https://www.tenable.com/security/tns-2018-17",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name": "https://www.tenable.com/security/tns-2018-16",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"name": "105758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105758"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7"
},
{
"name": "DSA-4348",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac"
},
{
"name": "https://www.openssl.org/news/secadv/20181030.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20181030.txt"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
},
{
"name": "openSUSE-SU-2019:1547",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "openSUSE-SU-2019:1814",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html"
},
{
"name": "RHSA-2019:2304",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2304"
},
{
"name": "FEDORA-2019-db06efdea1",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
},
{
"name": "FEDORA-2019-00c25b9379",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
},
{
"name": "FEDORA-2019-9a0a7c0986",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
},
{
"name": "RHSA-2019:3700",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"name": "RHSA-2019:3933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3933"
},
{
"name": "RHSA-2019:3935",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3935"
},
{
"name": "RHSA-2019:3932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3932"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2018-0734",
"datePublished": "2018-10-30T12:00:00Z",
"dateReserved": "2017-11-30T00:00:00",
"dateUpdated": "2024-09-16T23:10:36.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2644 (GCVE-0-2019-2644)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:43
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:00:12.966912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:43:24.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T21:06:19",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K42793451",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K42793451"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2644",
"datePublished": "2019-04-23T18:16:42",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:43:24.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2692 (GCVE-0-2019-2692)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:57
VLAI?
EPSS
Summary
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Severity ?
No CVSS data available.
CWE
- Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Connectors |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:45.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "107925",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107925"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T15:55:48.281220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:57:52.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Connectors",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-30T18:52:09",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "107925",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107925"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Connectors",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "107925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107925"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2692",
"datePublished": "2019-04-23T18:16:44",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:57:52.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-2589 (GCVE-0-2019-2589)
Vulnerability from cvelistv5 – Published: 2019-04-23 18:16 – Updated: 2024-10-02 15:48
VLAI?
EPSS
Summary
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity ?
No CVSS data available.
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | MySQL Server |
Affected:
8.0.15 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:56:44.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-2589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T14:01:01.715092Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T15:48:11.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MySQL Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8.0.15 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-04T05:06:07",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2019-2589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.15 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://support.f5.com/csp/article/K54470776",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K54470776"
},
{
"name": "RHSA-2019:2484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2484"
},
{
"name": "RHSA-2019:2511",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2511"
},
{
"name": "FEDORA-2019-c106e46a95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP/"
},
{
"name": "FEDORA-2019-96516ce0ac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2019-2589",
"datePublished": "2019-04-23T18:16:40",
"dateReserved": "2018-12-14T00:00:00",
"dateUpdated": "2024-10-02T15:48:11.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…