Vulnerabilities > CVE-2019-2537

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
oracle
canonical
debian
netapp
mariadb
redhat
nessus

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Configurations

Part Description Count
Application
Oracle
82
Application
Netapp
9
Application
Mariadb
111
OS
Canonical
3
OS
Debian
1
OS
Redhat
10

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2511.NASL
    descriptionAn update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql (8.0.17). Security Fix(es) : * mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755) * mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834) * mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805) * mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592) * mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789) * mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644) * mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814) * mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503) * mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587) * mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752) * mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536) * mysql: Server: Connection unspecified vulnerability (CVE-2019-2539) * mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631) * mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636) * mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826) * mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737) * mysql: Server: XML unspecified vulnerability (CVE-2019-2740) * mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780) * mysql: Server: DML unspecified vulnerability (CVE-2019-2784) * mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795) * mysql: Client programs unspecified vulnerability (CVE-2019-2797) * mysql: Server: FTS unspecified vulnerability (CVE-2019-2801) * mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819) * mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-05-23
    modified2019-08-20
    plugin id127991
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127991
    titleRHEL 8 : mysql:8.0 (RHSA-2019:2511)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0152_MYSQL.NASL
    descriptionAn update of the mysql package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126216
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126216
    titlePhoton OS 2.0: Mysql PHSA-2019-2.0-0152
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3867-1.NASL
    descriptionMultiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-507280 1.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-24
    plugin id121346
    published2019-01-24
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121346
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 : mysql-5.7 vulnerabilities (USN-3867-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-21B76D179E.NASL
    description** MySQL 5.7.25 ** Release notes : https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html CVEs fixed : CVE-2019-2420 CVE-2019-2434 CVE-2019-2455 CVE-2019-2481 CVE-2019-2482 CVE-2019-2486 CVE-2019-2503 CVE-2019-2507 CVE-2019-2510 CVE-2019-2528 CVE-2019-2529 CVE-2019-2531 CVE-2019-2532 CVE-2019-2534 CVE-2019-2537 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122557
    published2019-03-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122557
    titleFedora 28 : community-mysql (2019-21b76d179e)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1181.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2532) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2455) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2420) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2481) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2529) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2510) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2507) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2528) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2537) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2486) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2434) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). (CVE-2019-2534) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). (CVE-2019-2503) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2531) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2482)
    last seen2020-06-01
    modified2020-06-02
    plugin id123089
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123089
    titleAmazon Linux AMI : mysql57 (ALAS-2019-1181)
  • NASL familyDatabases
    NASL idMARIADB_10_3_13.NASL
    descriptionThe version of MariaDB installed on the remote host is prior to 10.3.13. It is, therefore, affected by two vulnerabilities as referenced in the mdb-10313-rn advisory. They are as follows: - A vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id128876
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128876
    titleMariaDB 10.3.0 < 10.3.13 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-327.NASL
    descriptionThis update for mariadb to version 10.2.22 fixes the following issues : Security issues fixed : - CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). - CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). - CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377) - CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) - CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391) - CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) - CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404) - CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384) - CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) - CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386) - CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415) - CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) - CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) - CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) - CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) - CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) - CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) - CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security issues fixed : - Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). - Fixed an issue where the lograte was not working (bsc#1112767). - Backport Information Schema CHECK_CONSTRAINTS Table. - Maximum value of table_definition_cache is now 2097152. - InnoDB ALTER TABLE fixes. - Galera crash recovery fixes. - Encryption fixes. - Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). - Maria DB testsuite - test main.plugin_auth failed (bsc#1111859) - Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858) - Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - remove PerconaFT from the package as it has AGPL licence (bsc#1118754) - Database corruption after renaming a prefix-indexed column (bsc#1120041) Release notes and changelog : - https://mariadb.com/kb/en/library/mariadb-10222-release-notes - https://mariadb.com/kb/en/library/mariadb-10222-changelog/ This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id122849
    published2019-03-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122849
    titleopenSUSE Security Update : mariadb (openSUSE-2019-327)
  • NASL familyDatabases
    NASL idMYSQL_5_6_43.NASL
    descriptionThe version of MySQL running on the remote host is 5.6.x prior to 5.6.43. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2019 Critical Patch Update advisory: - An unspecified vulnerability in MySQL in the
    last seen2020-06-01
    modified2020-06-02
    plugin id121227
    published2019-01-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121227
    titleMySQL 5.6.x < 5.6.43 Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-2511.NASL
    descriptionFrom Red Hat Security Advisory 2019:2511 : An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql (8.0.17). Security Fix(es) : * mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755) * mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834) * mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805) * mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592) * mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789) * mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644) * mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814) * mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503) * mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587) * mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752) * mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536) * mysql: Server: Connection unspecified vulnerability (CVE-2019-2539) * mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631) * mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636) * mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826) * mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737) * mysql: Server: XML unspecified vulnerability (CVE-2019-2740) * mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780) * mysql: Server: DML unspecified vulnerability (CVE-2019-2784) * mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795) * mysql: Client programs unspecified vulnerability (CVE-2019-2797) * mysql: Server: FTS unspecified vulnerability (CVE-2019-2801) * mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819) * mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127983
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127983
    titleOracle Linux 8 : mysql:8.0 (ELSA-2019-2511)
  • NASL familyDatabases
    NASL idMARIADB_10_1_38.NASL
    descriptionThe version of MariaDB installed on the remote host is prior to 10.1.38. It is, therefore, affected by two vulnerabilities as referenced in the mdb-10138-rn advisory. These vulnerabilities are as follows: - An unspecified vulnerability in MariaDB in the
    last seen2020-06-01
    modified2020-06-02
    plugin id129356
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129356
    titleMariaDB 10.1.0 < 10.1.38 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0555-1.NASL
    descriptionThis update for mariadb to version 10.2.22 fixes the following issues : Security issues fixed : CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service (bsc#1122198). CVE-2018-3284: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112377) CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3277: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112391) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3200: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112404) CVE-2018-3185: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112384) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3173: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112386) CVE-2018-3162: Fixed InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112415) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security issues fixed: Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). Fixed an issue where the lograte was not working (bsc#1112767). Backport Information Schema CHECK_CONSTRAINTS Table. Maximum value of table_definition_cache is now 2097152. InnoDB ALTER TABLE fixes. Galera crash recovery fixes. Encryption fixes. Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). Maria DB testsuite - test main.plugin_auth failed (bsc#1111859) Maria DB testsuite - test encryption.second_plugin-12863 failed (bsc#1111858) Remove PerconaFT from the package as it has AGPL licence (bsc#1118754) remove PerconaFT from the package as it has AGPL licence (bsc#1118754) Database corruption after renaming a prefix-indexed column (bsc#1120041) Release notes and changelog: https://mariadb.com/kb/en/library/mariadb-10222-release-notes https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122664
    published2019-03-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122664
    titleSUSE SLED15 / SLES15 Security Update : mariadb (SUSE-SU-2019:0555-1)
  • NASL familyDatabases
    NASL idMARIADB_10_0_38.NASL
    descriptionThe version of MariaDB installed on the remote host is prior to 10.0.38. It is, therefore, affected by two vulnerabilities as referenced in the mdb-10038-rn advisory. The vulnerabilities are as follows: - An unspecified vulnerability in MariaDB in the
    last seen2020-06-01
    modified2020-06-02
    plugin id129062
    published2019-09-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129062
    titleMariaDB 10.0.0 < 10.0.38 Multiple Vulnerabilities
  • NASL familyDatabases
    NASL idMYSQL_8_0_14.NASL
    descriptionThe version of MySQL running on the remote host is 8.0.x prior to 8.0.14. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2019 Critical Patch Update advisory: - An unspecified vulnerability in MySQL in the
    last seen2020-06-01
    modified2020-06-02
    plugin id121229
    published2019-01-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121229
    titleMySQL 8.0.x < 8.0.14 Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3708.NASL
    descriptionAn update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (10.3.17), galera (25.3.26). (BZ#1701687, BZ#1711265, BZ#1741358) Security Fix(es) : * mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627) * mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628) * mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739) * mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740) * mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758) * mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-05-23
    modified2019-11-06
    plugin id130575
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130575
    titleRHEL 8 : mariadb:10.3 (RHSA-2019:3708)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2048-1.NASL
    descriptionThis update for mariadb fixes the following issues : Update to MariaDB 10.0.38 GA (bsc#1136037). Security issues fixed : CVE-2019-2537: Denial of service via multiple protocols (bsc#1136037) CVE-2019-2529: Denial of service via multiple protocols (bsc#1136037) CVE-2018-3282: Server Storage Engines unspecified vulnerability (CPU Oct 2018) (bsc#1112432) CVE-2018-3251: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112397) CVE-2018-3174: Client programs unspecified vulnerability (CPU Oct 2018) (bsc#1112368) CVE-2018-3156: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112417) CVE-2018-3143: InnoDB unspecified vulnerability (CPU Oct 2018) (bsc#1112421) CVE-2018-3066: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Options). (bsc#1101678) CVE-2018-3064: InnoDB unspecified vulnerability (CPU Jul 2018) (bsc#1103342) CVE-2018-3063: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent Server Security Privileges). (bsc#1101677) CVE-2018-3058: Unspecified vulnerability in the MySQL Server component of Oracle MySQL (subcomponent MyISAM). (bsc#1101676) CVE-2016-9843: Big-endian out-of-bounds pointer (bsc#1013882) Non-security changes: Removed PerconaFT from the package as it has AGPL licence (bsc#1118754). Do not just remove tokudb plugin but don
    last seen2020-06-01
    modified2020-06-02
    plugin id127764
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127764
    titleSUSE SLES12 Security Update : mariadb (SUSE-SU-2019:2048-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2118-1.NASL
    descriptionThis update for mariadb-100 to version 10.0.38 fixes the following issues : CVE-2019-2537: Fixed a denial of service vulnerability which can lead to MySQL compromise (bsc#1136037). CVE-2019-2529: Fixed a denial of service vulnerability by an privileged attacker via a protocol compromise (bsc#1136037). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127885
    published2019-08-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127885
    titleSUSE SLED12 / SLES12 Security Update : mariadb-100 (SUSE-SU-2019:2118-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0609-1.NASL
    descriptionThis update for mariadb to version 10.2.22 fixes the following issues : Security issues fixed (bsc#1122198) : CVE-2019-2510: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service. CVE-2019-2537: Fixed a vulnerability which can lead to MySQL compromise and lead to Denial of Service. Other issues fixed: Fixed an issue where mysl_install_db fails due to incorrect basedir (bsc#1127027). Fixed an issue where the lograte was not working (bsc#1112767). Backport Information Schema CHECK_CONSTRAINTS Table. Maximum value of table_definition_cache is now 2097152. InnoDB ALTER TABLE fixes. Galera crash recovery fixes. Encryption fixes. Remove xtrabackup dependency as MariaDB ships a build in mariabackup so xtrabackup is not needed (bsc#1122475). The complete changelog can be found at: https://mariadb.com/kb/en/library/mariadb-10222-changelog/ Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122851
    published2019-03-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122851
    titleSUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2019:0609-1)
  • NASL familyDatabases
    NASL idMYSQL_5_7_25.NASL
    descriptionThe version of MySQL running on the remote host is 5.7.x prior to 5.7.25. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the January 2019 Critical Patch Update advisory: - An unspecified vulnerability in MySQL in the
    last seen2020-06-01
    modified2020-06-02
    plugin id121228
    published2019-01-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121228
    titleMySQL 5.7.x < 5.7.25 Multiple Vulnerabilities (Jan 2019 CPU)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D3D02D3A224211E9B95CB499BAEBFEAF.NASL
    descriptionOracle reports : Please reference CVE/URL list for details Not all listed CVE
    last seen2020-03-18
    modified2019-01-28
    plugin id121406
    published2019-01-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121406
    titleFreeBSD : MySQL -- multiple vulnerabilities (d3d02d3a-2242-11e9-b95c-b499baebfeaf)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201908-24.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201908-24 (MariaDB, MySQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MariaDB and MySQL. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id127973
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127973
    titleGLSA-201908-24 : MariaDB, MySQL: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1655.NASL
    descriptionSeveral issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.38. Please see the MariaDB 10.0 Release Notes for further details : https://mariadb.com/kb/en/mariadb/mariadb-10038-release-notes/ For Debian 8
    last seen2020-03-17
    modified2019-02-04
    plugin id121552
    published2019-02-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121552
    titleDebian DLA-1655-1 : mariadb-10.0 security update
  • NASL familyDatabases
    NASL idMARIADB_10_2_22.NASL
    descriptionThe version of MariaDB installed on the remote host is prior to 10.2.22. It is, therefore, affected by two vulnerabilities as referenced in the mdb-10222-rn advisory. They are as follows: - A vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id128973
    published2019-09-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128973
    titleMariaDB 10.2.0 < 10.2.22 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-138.NASL
    descriptionThis update for mysql-community-server to version 5.6.43 fixes the following issues : Security issues fixed : - CVE-2019-2534, CVE-2019-2529, CVE-2019-2482, CVE-2019-2455, CVE-2019-2503, CVE-2019-2537, CVE-2019-2481, CVE-2019-2507, CVE-2019-2531, CVE-2018-0734 (boo#1113652, boo#1122198)
    last seen2020-03-18
    modified2019-02-06
    plugin id121608
    published2019-02-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121608
    titleopenSUSE Security Update : mysql-community-server (openSUSE-2019-138)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-032-01.NASL
    descriptionNew mariadb packages are available for Slackware 14.1 and 14.2 to fix security issues.
    last seen2020-03-17
    modified2019-02-04
    plugin id121567
    published2019-02-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121567
    titleSlackware 14.1 / 14.2 : mariadb (SSA:2019-032-01)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1178.NASL
    descriptionVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2455) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2537) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2529) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2481) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2507) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). (CVE-2019-2534) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). (CVE-2019-2503) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2531) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2482)
    last seen2020-06-01
    modified2020-06-02
    plugin id123086
    published2019-03-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123086
    titleAmazon Linux AMI : mysql56 (ALAS-2019-1178)

Redhat

advisories
  • rhsa
    idRHSA-2019:1258
  • rhsa
    idRHSA-2019:2484
  • rhsa
    idRHSA-2019:2511
  • rhsa
    idRHSA-2019:3708
rpms
  • rh-mariadb102-galera-0:25.3.25-1.el6
  • rh-mariadb102-galera-0:25.3.25-1.el7
  • rh-mariadb102-galera-debuginfo-0:25.3.25-1.el6
  • rh-mariadb102-galera-debuginfo-0:25.3.25-1.el7
  • rh-mariadb102-mariadb-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-backup-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-backup-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-backup-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-backup-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-bench-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-bench-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-common-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-common-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-config-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-config-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-config-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-config-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-debuginfo-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-debuginfo-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-devel-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-devel-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-errmsg-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-errmsg-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-gssapi-client-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-gssapi-client-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-gssapi-server-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-gssapi-server-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-oqgraph-engine-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-oqgraph-engine-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-galera-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-galera-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-galera-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-galera-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-utils-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-utils-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-server-utils-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-server-utils-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-syspaths-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-syspaths-1:10.2.22-1.el7
  • rh-mariadb102-mariadb-test-1:10.2.22-1.el6
  • rh-mariadb102-mariadb-test-1:10.2.22-1.el7
  • rh-mysql80-mysql-0:8.0.17-1.el7
  • rh-mysql80-mysql-common-0:8.0.17-1.el7
  • rh-mysql80-mysql-config-0:8.0.17-1.el7
  • rh-mysql80-mysql-config-syspaths-0:8.0.17-1.el7
  • rh-mysql80-mysql-debuginfo-0:8.0.17-1.el7
  • rh-mysql80-mysql-devel-0:8.0.17-1.el7
  • rh-mysql80-mysql-errmsg-0:8.0.17-1.el7
  • rh-mysql80-mysql-server-0:8.0.17-1.el7
  • rh-mysql80-mysql-server-syspaths-0:8.0.17-1.el7
  • rh-mysql80-mysql-syspaths-0:8.0.17-1.el7
  • rh-mysql80-mysql-test-0:8.0.17-1.el7
  • mecab-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
  • mecab-debuginfo-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
  • mecab-debugsource-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
  • mecab-ipadic-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
  • mecab-ipadic-EUCJP-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
  • mysql-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-common-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-debugsource-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-devel-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-devel-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-errmsg-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-libs-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-libs-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-server-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-server-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-test-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-test-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • Judy-0:1.0.5-18.module+el8+2765+cfa4f87b
  • Judy-debuginfo-0:1.0.5-18.module+el8+2765+cfa4f87b
  • Judy-debugsource-0:1.0.5-18.module+el8+2765+cfa4f87b
  • Judy-devel-0:1.0.5-18.module+el8+2765+cfa4f87b
  • asio-devel-0:1.10.8-7.module+el8+2765+cfa4f87b
  • galera-0:25.3.26-1.module+el8.1.0+3974+90eded84
  • galera-debuginfo-0:25.3.26-1.module+el8.1.0+3974+90eded84
  • galera-debugsource-0:25.3.26-1.module+el8.1.0+3974+90eded84
  • mariadb-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-backup-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-backup-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-common-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-debugsource-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-devel-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-embedded-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-embedded-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-embedded-devel-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-errmsg-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-gssapi-server-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-gssapi-server-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-oqgraph-engine-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-oqgraph-engine-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-server-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-server-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-server-galera-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-server-utils-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-server-utils-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-test-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-test-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84