Errata ALT-PU-2019-2436-1: Information
Fixes
Published: July 16, 2019
BDU:2019-03233
Уязвимость подкомпонента Server : Pluggable Auth компонента MySQL Server системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.0)
Links:
Published: July 16, 2019
BDU:2019-03235
Уязвимость подкомпонента Server: Security: Privileges компонента MySQL Server системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.1) Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: July 16, 2019
BDU:2019-03236
Уязвимость подкомпонента Server: XML компонента MySQL Server системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 23, 2019
BDU:2020-01523
Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю модифицировать данные или вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: July 23, 2019
BDU:2020-01528
Уязвимость компонента Server: Parser системы управления базами данных MySQL ,позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 14, 2020
BDU:2020-02584
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: LOW (3.7) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
Published: Jan. 19, 2021
BDU:2021-00422
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: LOW (3.7) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
Published: July 24, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2737
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- USN-4070-1
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- USN-4070-2
- USN-4070-3
- RHSA-2019:2484
- RHSA-2019:2511
- https://support.f5.com/csp/article/K51272092
- RHSA-2019:3708
- openSUSE-SU-2019:2698
- FEDORA-2019-c106e46a95
- FEDORA-2019-96516ce0ac
- https://support.f5.com/csp/article/K51272092?utm_source=f5support&amp%3Butm_medium=RSS
Published: July 24, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2739
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.1) Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- USN-4070-1
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- USN-4070-2
- USN-4070-3
- RHSA-2019:2484
- RHSA-2019:2511
- https://support.f5.com/csp/article/K51272092
- RHSA-2019:3708
- openSUSE-SU-2019:2698
- FEDORA-2019-c106e46a95
- FEDORA-2019-96516ce0ac
- https://support.f5.com/csp/article/K51272092?utm_source=f5support&amp%3Butm_medium=RSS
Published: July 24, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2740
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- USN-4070-1
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- USN-4070-2
- USN-4070-3
- RHSA-2019:2484
- RHSA-2019:2511
- https://support.f5.com/csp/article/K03444640
- RHSA-2019:3708
- openSUSE-SU-2019:2698
- FEDORA-2019-c106e46a95
- FEDORA-2019-96516ce0ac
- https://support.f5.com/csp/article/K03444640?utm_source=f5support&amp%3Butm_medium=RSS
Published: July 24, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2758
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- USN-4070-1
- USN-4070-3
- RHSA-2019:2484
- RHSA-2019:2511
- https://support.f5.com/csp/article/K14118520
- RHSA-2019:3708
- openSUSE-SU-2019:2698
- FEDORA-2019-c106e46a95
- FEDORA-2019-96516ce0ac
- https://support.f5.com/csp/article/K14118520?utm_source=f5support&amp%3Butm_medium=RSS
Published: July 24, 2019
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2019-2805
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- USN-4070-1
- 20190802 [slackware-security] mariadb (SSA:2019-213-01)
- http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html
- USN-4070-2
- USN-4070-3
- RHSA-2019:2484
- RHSA-2019:2511
- https://support.f5.com/csp/article/K04831884
- RHSA-2019:3708
- openSUSE-SU-2019:2698
- https://support.f5.com/csp/article/K04831884?utm_source=f5support&amp%3Butm_medium=RSS
Published: April 15, 2020
Modified: Oct. 28, 2022
Modified: Oct. 28, 2022
CVE-2020-2922
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Severity: LOW (3.7) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Links:
Published: Jan. 20, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-2007
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Severity: LOW (3.7) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Links: