SB2019011701 - Multiple vulnerabilities in Oracle MySQL



Published: January 17, 2019

Security Bulletin ID: SB2019011701
Severity: Low
Patch available: YES
Number of vulnerabilities: 27
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 27 security vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2019-2533)

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can bypass security restrictions to modify arbitrary data.

2) Denial of service (CVE-ID: CVE-2019-2482)

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

3) Denial of service (CVE-ID: CVE-2019-2529)

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

4) Security restrictions bypass (CVE-ID: CVE-2019-2534)

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can bypass security restrictions to read potentially sensitive information and modify arbitrary data.

5) Denial of service (CVE-ID: CVE-2019-2434)

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

6) Denial of service (CVE-ID: CVE-2019-2455)

The vulnerability allows a remote authenticated attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

7) Security restrictions bypass (CVE-ID: CVE-2019-2503)

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to an unspecified flaw. An adjacent attacker can bypass security restrictions to read potentially sensitive information and cause the service to crash.

8) Security restrictions bypass (CVE-ID: CVE-2019-2436)

The vulnerability allows a remote authenticated high-privileged attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can bypass security restrictions to modify arbitrary data and cause the service to crash.

9) Information disclosure (CVE-ID: CVE-2019-0734)

The vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information.

The weakness exists in MySQL Protocol due to an unspecified flaw. A local attacker can read potentially sensitive information.

10) Denial of service (CVE-ID: CVE-2019-2536)

The vulnerability allows a local high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

11) Denial of service (CVE-ID: CVE-2019-2510)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

12) Denial of service (CVE-ID: CVE-2019-2502)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

13) Denial of service (CVE-ID: CVE-2019-2539)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

14) Denial of service (CVE-ID: CVE-2019-2494)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

15) Denial of service (CVE-ID: CVE-2019-2495)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

16) Denial of service (CVE-ID: CVE-2019-2537)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

17) Denial of service (CVE-ID: CVE-2019-2420)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

18) Denial of service (CVE-ID: CVE-2019-2481)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

19) Denial of service (CVE-ID: CVE-2019-2507)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

20) Denial of service (CVE-ID: CVE-2019-2530)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

21) Denial of service (CVE-ID: CVE-2019-2528)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

22) Denial of service (CVE-ID: CVE-2019-2531)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

23) Denial of service (CVE-ID: CVE-2019-2486)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

24) Denial of service (CVE-ID: CVE-2019-2532)

The vulnerability allows a remote authenticated high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

25) Denial of service (CVE-ID: CVE-2019-2535)

The vulnerability allows a local high-privileged attacker to cause a DoS condition.

The weakness exists in MySQL Protocol due to an unspecified flaw. A remote attacker can cause the service to crash.

26) Information disclosure (CVE-ID: CVE-2019-2513)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The weakness exists due to an unspecified flaw. A remote attacker can read potentially sensitive information.

27) Improper input validation (CVE-ID: CVE-2018-0732)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to improper handling of large prime values by the affected software during key agreement operations in a Transport Layer Security (TLS) handshake using an Ephemeral Diffie-Hellman (DHE) based cipher suite. A remote attacker can send a large prime value from a malicious OpenSSL server to a targeted OpenSSL client and cause the client to stop responding while generating a key for the prime value.


Remediation

Install the update from the vendor's website.