Multiple vulnerabilities in Oracle MySQL

Published: 2019-01-17 11:01:37 | Updated: 2019-01-17
Severity Low
Patch available YES
Number of vulnerabilities 27
CVE ID CVE-2019-2533
CVE-2019-2482
CVE-2019-2529
CVE-2019-2534
CVE-2019-2434
CVE-2019-2455
CVE-2019-2503
CVE-2019-2436
CVE-2019-0734
CVE-2019-2536
CVE-2019-2510
CVE-2019-2502
CVE-2019-2539
CVE-2019-2494
CVE-2019-2495
CVE-2019-2537
CVE-2019-2420
CVE-2019-2481
CVE-2019-2507
CVE-2019-2530
CVE-2019-2528
CVE-2019-2531
CVE-2019-2486
CVE-2019-2532
CVE-2019-2535
CVE-2019-2513
CVE-2018-0732
CVSSv3 5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.2 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
5.6 [CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
4.8 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
4.5 [CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
4.4 [CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
2.2 [CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID CWE-264
CWE-200
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software MySQL Server
Vulnerable software versions MySQL Server 8.0.13
MySQL Server 5.6.42
MySQL Server 5.6.40

Show more

Vendor URL Oracle

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can bypass security restrictions to modify arbitrary data.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

2) Denial of service

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

3) Denial of service

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

4) Security restrictions bypass

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can bypass security restrictions to read potentially sensitive information and modify arbitrary data.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

5) Denial of service

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

6) Denial of service

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

7) Security restrictions bypass

Description

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to unspecified flaw. An adjacent attacker can bypass security restrictions to read potentially sensitive information and cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

8) Security restrictions bypass

Description

The vulnerability allows a remote authenticated high-privileged attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can bypass security restrictions to modify arbitrary data and cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

9) Information disclosure

Description

The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information.

The weakness exists in MySQL Protocol due to unspecified flaw. A local attacker can read potentially sensitive information.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

10) Denial of service

Description

The vulnerability allows a local high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

11) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

12) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

13) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

14) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

15) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

16) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

17) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

18) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

19) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

20) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

21) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

22) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

23) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

24) Denial of service

Description

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

25) Denial of service

Description

The vulnerability allows a local high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

26) Information disclosure

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to unspecified flaw. A remote attacker can read potentially sensitive information.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

27) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper handling of large prime values by the affected software during key agreement operations in a Transport Layer Security (TLS) handshake using an Ephemeral Diffie-Hellman (DHE) based cipher suite. A remote attacker can send a large prime value from a malicious OpenSSL server to a targeted OpenSSL client and cause the client to stop responding while generating a key for the prime value.

Remediation

Install update from vendor's website.

External links

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM

Back to List