CVE-2019-2627

CVSS 4.9 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
network
low complexity
oracle
canonical
mariadb
opensuse
redhat
nessus

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Vulnerable Configurations

Part         Description  Count
Application  Oracle       86
Application  Mariadb      113
OS           Canonical    5
OS           Opensuse     2
OS           Redhat       13

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-2511.NASL
    description: An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql (8.0.17). Security Fix(es) : * mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755) * mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834) * mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805) * mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592) * mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789) * mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644) * mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510,
CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814) * mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503) * mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587) * mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752) * mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536) * mysql: Server: Connection unspecified vulnerability (CVE-2019-2539) * mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631) * mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636) * mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826) * mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737) * mysql: Server: XML unspecified vulnerability (CVE-2019-2740) * mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780) * mysql: Server: DML unspecified vulnerability (CVE-2019-2784) * mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795) * mysql: Client programs unspecified vulnerability (CVE-2019-2797) * mysql: Server: FTS unspecified vulnerability (CVE-2019-2801) * mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819) * mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen: 2020-05-23
    modified: 2019-08-20
    plugin id: 127991
    published: 2019-08-20
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127991
    title: RHEL 8 : mysql:8.0 (RHSA-2019:2511)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20190806_MARIADB_ON_SL7_X.NASL
    description: Security Fix(es) : - mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058) - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063) - mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081) - mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282) - mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503) - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2529) - mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614) - mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627) - mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)
    last seen: 2020-03-18
    modified: 2019-08-27
    plugin id: 128240
    published: 2019-08-27
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128240
    title: Scientific Linux Security Update : mariadb on SL7.x x86_64 (20190806)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2019-2330-1.NASL
    description: This update for mariadb and mariadb-connector-c fixes the following issues : mariadb : Update to version 10.2.25 (bsc#1136035) CVE-2019-2628: Fixed a remote denial of service by a privileged attacker (bsc#1136035). CVE-2019-2627: Fixed another remote denial of service by a privileged attacker (bsc#1136035). CVE-2019-2614: Fixed a potential remote denial of service by a privileged attacker (bsc#1136035). Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666). Adjust mysql-systemd-helper (
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128613
    published: 2019-09-09
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128613
    title: SUSE SLED12 / SLES12 Security Update : mariadb, mariadb-connector-c (SUSE-SU-2019:2330-1)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2019-2327.NASL
    description: An update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.64). (BZ#1610986, BZ#1664043) Security Fix(es) : * mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063) * mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081) * mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282) * mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2529) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627) * mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128390
    published: 2019-08-30
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128390
    title: CentOS 7 : mariadb (CESA-2019:2327)
  • NASL family: Databases
    NASL id: MARIADB_5_5_64.NASL
    description: The version of MariaDB installed on the remote host is prior to 5.5.64. It is, therefore, affected by two vulnerabilities as referenced in the mdb-5564-rn advisory. They are as follows: - An unspecified vulnerability in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128975
    published: 2019-09-18
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128975
    title: MariaDB 5.5.0 < 5.5.64 Multiple Vulnerabilities
  • NASL family: Databases
    NASL id: MYSQL_5_6_44.NASL
    description: The version of MySQL running on the remote host is 5.6.x prior to 5.6.44. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the April 2019 Critical Patch Update advisory: - An unspecified vulnerability in the
    last seen: 2020-04-18
    modified: 2019-04-18
    plugin id: 124158
    published: 2019-04-18
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124158
    title: MySQL 5.6.x < 5.6.44 Multiple Vulnerabilities (Apr 2019 CPU)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3957-1.NASL
    description: Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have been updated to MySQL 5.7.26. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124407
    published: 2019-04-30
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124407
    title: Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : mysql-5.7 vulnerabilities (USN-3957-1)
  • NASL family: Databases
    NASL id: MARIADB_10_4_5.NASL
    description: The version of MariaDB installed on the remote host is prior to 10.4.5. It is, therefore, affected by the following vulnerabilities as referenced in the mdb-1045-rn advisory. - An unspecified vulnerability in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129052
    published: 2019-09-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129052
    title: MariaDB 10.4.0 < 10.4.5 Multiple Vulnerabilities
  • NASL family: Databases
    NASL id: MARIADB_10_1_39.NASL
    description: The version of MariaDB installed on the remote host is prior to 10.1.39. It is, therefore, affected by the following two vulnerabilities as referenced in the mdb-10139-rn advisory: - An unspecified vulnerability in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129353
    published: 2019-09-26
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129353
    title: MariaDB 10.1.0 < 10.1.39 Multiple Vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2019-1915.NASL
    description: This update for mariadb and mariadb-connector-c fixes the following issues : mariadb : - Update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by a privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by a privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by a privileged attacker (bsc#1136035). - Fixed reading options for multiple instances if my$(INSTANCE).cnf is used (bsc#1132666) mariadb-connector-c : - Update to version 3.1.2 (bsc#1136035) - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088) This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 128007
    published: 2019-08-20
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/128007
    title: openSUSE Security Update : mariadb / mariadb-connector-c (openSUSE-2019-1915)
  • NASL family: Databases
    NASL id: MYSQL_5_7_27.NASL
    description: The version of MySQL running on the remote host is 5.7.x prior to 5.7.26. It is, therefore, affected by multiple vulnerabilities, including three of the top vulnerabilities below, as noted in the April 2019 Critical Patch Update advisory: - An unspecified vulnerability in MySQL in the
    last seen: 2020-04-18
    modified: 2019-04-18
    plugin id: 124159
    published: 2019-04-18
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124159
    title: MySQL 5.7.x < 5.7.26 Multiple Vulnerabilities (Apr 2019 CPU) (Jul 2019 CPU)
  • NASL family: Databases
    NASL id: MARIADB_10_2_24.NASL
    description: The version of MariaDB installed on the remote host is prior to 10.2.24. It is, therefore, affected by the following vulnerabilities as referenced in the mdb-10224-rn advisory: - An unspecified vulnerability in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129501
    published: 2019-10-02
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129501
    title: MariaDB 10.2.0 < 10.2.24 Multiple Vulnerabilities
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0197_MARIADB.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has mariadb packages installed that are affected by multiple vulnerabilities: - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2018-3058) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3063) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
(CVE-2018-3282) - Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-3081) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). (CVE-2018-3066) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). (CVE-2019-2503) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2614) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2627) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2529) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129910
    published: 2019-10-15
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129910
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : mariadb Multiple Vulnerabilities (NS-SA-2019-0197)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3957-2.NASL
    description: USN-3957-1 fixed multiple vulnerabilities in MySQL. This update addresses some of them in MariaDB 5.5. Ubuntu 14.04 LTS has been updated to MariaDB 5.5.64. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-5564-changelog/ https://mariadb.com/kb/en/library/mariadb-5564-release-notes/ Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125386
    published: 2019-05-24
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125386
    title: Ubuntu 14.04 LTS : MariaDB vulnerabilities (USN-3957-2)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3957-3.NASL
    description: USN-3957-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2614 and CVE-2019-2627 in MariaDB 10.1. Ubuntu 18.04 LTS has been updated to MariaDB 10.1.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-10140-changelog/ https://mariadb.com/kb/en/library/mariadb-10140-release-notes/ Original advisory details : Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have been updated to MySQL 5.7.26. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125765
    published: 2019-06-07
    reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125765
    title: Ubuntu 18.04 LTS : mariadb-10.1 vulnerabilities (USN-3957-3)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2019-1292.NASL
    description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). (CVE-2019-2503) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2018-3058) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts).
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3282) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2614) Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-3081) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). 
(CVE-2018-3063) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2529) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2627) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). (CVE-2018-3066)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 129071
    published: 2019-09-20
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/129071
    title: Amazon Linux 2 : mariadb (ALAS-2019-1292)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-2511.NASL
    description: From Red Hat Security Advisory 2019:2511 : An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. The following packages have been upgraded to a later upstream version: mysql (8.0.17). Security Fix(es) : * mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755) * mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834) * mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805) * mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592) * mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789) * mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644) * mysql: InnoDB multiple unspecified
vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814) * mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503) * mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587) * mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752) * mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536) * mysql: Server: Connection unspecified vulnerability (CVE-2019-2539) * mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631) * mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636) * mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826) * mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737) * mysql: Server: XML unspecified vulnerability (CVE-2019-2740) * mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780) * mysql: Server: DML unspecified vulnerability (CVE-2019-2784) * mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795) * mysql: Client programs unspecified vulnerability (CVE-2019-2797) * mysql: Server: FTS unspecified vulnerability (CVE-2019-2801) * mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819) * mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127983
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127983
    titleOracle Linux 8 : mysql:8.0 (ELSA-2019-2511)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4070-3.NASL
    descriptionUSN-4070-1 fixed multiple vulnerabilities in MySQL. This update provides the corresponding fixes for CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2628, CVE-2019-2627, CVE-2019-2614 in MariaDB 10.3. Ubuntu 19.04 has been updated to MariaDB 10.3.17. In addition to security fixes, the updated package contains bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://mariadb.com/kb/en/library/mariadb-10317-changelog/ https://mariadb.com/kb/en/library/mariadb-10317-release-notes/ Original advisory details : Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.04 have been updated to MySQL 5.7.27. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-27.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127887
    published2019-08-14
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127887
    titleUbuntu 19.04 : MariaDB vulnerabilities (USN-4070-3)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1913.NASL
    descriptionThis update for mariadb and mariadb-connector-c fixes the following issues : mariadb : - Update to version 10.2.25 (bsc#1136035) - CVE-2019-2628: Fixed a remote denial of service by a privileged attacker (bsc#1136035). - CVE-2019-2627: Fixed another remote denial of service by a privileged attacker (bsc#1136035). - CVE-2019-2614: Fixed a potential remote denial of service by a privileged attacker (bsc#1136035). - Fixed reading options for multiple instances if my$(INSTANCE).cnf is used (bsc#1132666) mariadb-connector-c : - Update to version 3.1.2 (bsc#1136035) - Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id128005
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128005
    titleopenSUSE Security Update : mariadb / mariadb-connector-c (openSUSE-2019-1913)
  • NASL familyDatabases
    NASL idMYSQL_8_0_16.NASL
    descriptionThe version of MySQL running on the remote host is 8.0.x prior to 8.0.16. It is, therefore, affected by multiple vulnerabilities, including four of the top vulnerabilities below, as noted in the April 2019 and July 2019 Critical Patch Update advisories: - An unspecified vulnerability in the
    last seen2020-04-18
    modified2019-04-18
    plugin id124160
    published2019-04-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124160
    titleMySQL 8.0.x < 8.0.16 Multiple Vulnerabilities (Apr 2019 CPU) (Jul 2019 CPU)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0243_MARIADB.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has mariadb packages installed that are affected by multiple vulnerabilities: - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3282) - Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2018-3081) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). (CVE-2018-3066) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). (CVE-2019-2503) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2614) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. 
Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2627) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2019-2529) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). (CVE-2018-3058) - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2018-3063) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132455
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132455
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : mariadb Multiple Vulnerabilities (NS-SA-2019-0243)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3708.NASL
    descriptionAn update for the mariadb:10.3 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (10.3.17), galera (25.3.26). (BZ#1701687, BZ#1711265, BZ#1741358) Security Fix(es) : * mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510) * mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627) * mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628) * mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739) * mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740) * mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758) * mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-05-23
    modified2019-11-06
    plugin id130575
    published2019-11-06
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130575
    titleRHEL 8 : mariadb:10.3 (RHSA-2019:3708)
  • NASL familyDatabases
    NASL idMARIADB_10_3_15.NASL
    descriptionThe version of MariaDB installed on the remote host is prior to 10.3.15. It is, therefore, affected by the following vulnerabilities as referenced in the mdb-10315-rn advisory: - An unspecified vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id129358
    published2019-09-26
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129358
    titleMariaDB 10.3.0 < 10.3.15 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2327.NASL
    descriptionAn update for mariadb is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a later upstream version: mariadb (5.5.64). (BZ#1610986, BZ#1664043) Security Fix(es) : * mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063) * mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081) * mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282) * mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503) * mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2529) * mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614) * mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627) * mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127712
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127712
    titleRHEL 7 : mariadb (RHSA-2019:2327)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0015_MYSQL.NASL
    descriptionAn update of the mysql package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126117
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126117
    titlePhoton OS 3.0: Mysql PHSA-2019-3.0-0015
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2687-1.NASL
    descriptionThis update for mariadb-100 fixes the following issues : Updated to MariaDB 10.0.40-1. Security issues fixed : CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737, CVE-2019-2614, CVE-2019-2627. (bsc#1132826) (bsc#1141798). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130001
    published2019-10-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130001
    titleSUSE SLED12 / SLES12 Security Update : mariadb-100 (SUSE-SU-2019:2687-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2543.NASL
    descriptionAccording to the versions of the mariadb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - MariaDB is a community developed branch of MySQL. MariaDB is a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs and generic MySQL files. Security Fix(es): Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2627) Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. (CVE-2018-3081) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. 
Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2503) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2529) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2614) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2018-3058) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-3063) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. (CVE-2018-3066) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2018-3282) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. 
Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2740) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of M (CVE-2019-2739) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2805) Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2019-2737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-09
    plugin id131817
    published2019-12-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131817
    titleEulerOS 2.0 SP5 : mariadb (EulerOS-SA-2019-2543)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2020-1.NASL
    descriptionThis update for mariadb and mariadb-connector-c fixes the following issues : mariadb : Update to version 10.2.25 (bsc#1136035) CVE-2019-2628: Fixed a remote denial of service by a privileged attacker (bsc#1136035). CVE-2019-2627: Fixed another remote denial of service by a privileged attacker (bsc#1136035). CVE-2019-2614: Fixed a potential remote denial of service by a privileged attacker (bsc#1136035). Fixed reading options for multiple instances if my${INSTANCE}.cnf is used (bsc#1132666) mariadb-connector-c: Update to version 3.1.2 (bsc#1136035) Moved libmariadb.pc from /usr/lib/pkgconfig to /usr/lib64/pkgconfig for x86_64 (bsc#1126088) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127756
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127756
    titleSUSE SLED15 / SLES15 Security Update : mariadb, mariadb-connector-c (SUSE-SU-2019:2020-1)

Redhat

advisories
  • bugzilla
    id1702976
    titleCVE-2019-2627 mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentmariadb-libs is earlier than 1:5.5.64-1.el7
            ovaloval:com.redhat.rhsa:tst:20192327001
          • commentmariadb-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702004
        • AND
          • commentmariadb-server is earlier than 1:5.5.64-1.el7
            ovaloval:com.redhat.rhsa:tst:20192327003
          • commentmariadb-server is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702010
        • AND
          • commentmariadb is earlier than 1:5.5.64-1.el7
            ovaloval:com.redhat.rhsa:tst:20192327005
          • commentmariadb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702002
        • AND
          • commentmariadb-embedded is earlier than 1:5.5.64-1.el7
            ovaloval:com.redhat.rhsa:tst:20192327007
          • commentmariadb-embedded is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702016
        • AND
          • commentmariadb-devel is earlier than 1:5.5.64-1.el7
            ovaloval:com.redhat.rhsa:tst:20192327009
          • commentmariadb-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702012
        • AND
          • commentmariadb-test is earlier than 1:5.5.64-1.el7
            ovaloval:com.redhat.rhsa:tst:20192327011
          • commentmariadb-test is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702008
        • AND
          • commentmariadb-embedded-devel is earlier than 1:5.5.64-1.el7
            ovaloval:com.redhat.rhsa:tst:20192327013
          • commentmariadb-embedded-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702014
        • AND
          • commentmariadb-bench is earlier than 1:5.5.64-1.el7
            ovaloval:com.redhat.rhsa:tst:20192327015
          • commentmariadb-bench is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140702006
    rhsa
    idRHSA-2019:2327
    released2019-08-06
    severityModerate
    titleRHSA-2019:2327: mariadb security and bug fix update (Moderate)
  • rhsa
    idRHSA-2019:2484
  • rhsa
    idRHSA-2019:2511
  • rhsa
    idRHSA-2019:3708
rpms
  • mariadb-1:5.5.64-1.el7
  • mariadb-bench-1:5.5.64-1.el7
  • mariadb-debuginfo-1:5.5.64-1.el7
  • mariadb-devel-1:5.5.64-1.el7
  • mariadb-embedded-1:5.5.64-1.el7
  • mariadb-embedded-devel-1:5.5.64-1.el7
  • mariadb-libs-1:5.5.64-1.el7
  • mariadb-server-1:5.5.64-1.el7
  • mariadb-test-1:5.5.64-1.el7
  • rh-mysql80-mysql-0:8.0.17-1.el7
  • rh-mysql80-mysql-common-0:8.0.17-1.el7
  • rh-mysql80-mysql-config-0:8.0.17-1.el7
  • rh-mysql80-mysql-config-syspaths-0:8.0.17-1.el7
  • rh-mysql80-mysql-debuginfo-0:8.0.17-1.el7
  • rh-mysql80-mysql-devel-0:8.0.17-1.el7
  • rh-mysql80-mysql-errmsg-0:8.0.17-1.el7
  • rh-mysql80-mysql-server-0:8.0.17-1.el7
  • rh-mysql80-mysql-server-syspaths-0:8.0.17-1.el7
  • rh-mysql80-mysql-syspaths-0:8.0.17-1.el7
  • rh-mysql80-mysql-test-0:8.0.17-1.el7
  • mecab-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
  • mecab-debuginfo-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
  • mecab-debugsource-0:0.996-1.module+el8.0.0+3898+e09bb8de.9
  • mecab-ipadic-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
  • mecab-ipadic-EUCJP-0:2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de
  • mysql-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-common-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-debugsource-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-devel-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-devel-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-errmsg-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-libs-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-libs-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-server-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-server-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-test-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • mysql-test-debuginfo-0:8.0.17-3.module+el8.0.0+3898+e09bb8de
  • Judy-0:1.0.5-18.module+el8+2765+cfa4f87b
  • Judy-debuginfo-0:1.0.5-18.module+el8+2765+cfa4f87b
  • Judy-debugsource-0:1.0.5-18.module+el8+2765+cfa4f87b
  • Judy-devel-0:1.0.5-18.module+el8+2765+cfa4f87b
  • asio-devel-0:1.10.8-7.module+el8+2765+cfa4f87b
  • galera-0:25.3.26-1.module+el8.1.0+3974+90eded84
  • galera-debuginfo-0:25.3.26-1.module+el8.1.0+3974+90eded84
  • galera-debugsource-0:25.3.26-1.module+el8.1.0+3974+90eded84
  • mariadb-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-backup-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-backup-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-common-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-debugsource-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-devel-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-embedded-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-embedded-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-embedded-devel-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-errmsg-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-gssapi-server-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-gssapi-server-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-oqgraph-engine-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-oqgraph-engine-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-server-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-server-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-server-galera-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-server-utils-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-server-utils-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-test-3:10.3.17-1.module+el8.1.0+3974+90eded84
  • mariadb-test-debuginfo-3:10.3.17-1.module+el8.1.0+3974+90eded84