Vulnerability-Lookup

CVE-2019-2481 (GCVE-0-2019-2481)

Vulnerability from cvelistv5 – Published: 2019-01-16 19:00 – Updated: 2024-10-02 16:09

Summary

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity ?

No CVSS data available.

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

URL

	Vendor	Product	Version
	Oracle Corporation	MySQL Server	Affected: 5.6.42 and prior Affected: 5.7.24 and prior Affected: 8.0.13 and prior

CVE-2019-2481

Vulnerability from fstec - Published: 16.01.2019

Title

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL связана с недостаточным контролем доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Vendor

Oracle Corp.

Software Name

MySQL

Software Version

до 8.0.13 включительно (MySQL), до 5.6.42 включительно (MySQL), до 5.7.24 включительно (MySQL)

Possible Mitigations

Использование рекомендаций: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Reference

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html https://nvd.nist.gov/vuln/detail/CVE-2019-2481

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:M/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Oracle Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 8.0.13 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL), \u0434\u043e 5.6.42 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL), \u0434\u043e 5.7.24 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (MySQL)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: \nhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.01.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.02.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00640",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-2481",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "MySQL",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server: Optimizer \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 MySQL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Server: Optimizer \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 Oracle MySQL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u044b\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-2481",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,9)"
}

cve-2019-2481

Vulnerability from osv_almalinux

Published

2019-08-15 17:31

Modified

2019-08-15 17:31

Summary

Important: mysql:8.0 security update

Details

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version: mysql (8.0.17).

Security Fix(es):

mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)
mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)
mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)
mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)
mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)
mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)
mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)
mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)
mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)
mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)
mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)
mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)
mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)
mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)
mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)
mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)
mysql: Server: XML unspecified vulnerability (CVE-2019-2740)
mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)
mysql: Server: DML unspecified vulnerability (CVE-2019-2784)
mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)
mysql: Client programs unspecified vulnerability (CVE-2019-2797)
mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)
mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)
mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.996-1.module_el8.4.0+2532+b8928c02.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.996-1.module_el8.5.0+33+8bc5f36a.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab-ipadic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.0.20070801-16.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab-ipadic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.0.20070801-16.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab-ipadic-EUCJP"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.0.20070801-16.module_el8.5.0+33+8bc5f36a"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mecab-ipadic-EUCJP"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.0.20070801-16.module_el8.4.0+2532+b8928c02"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.17).\n\nSecurity Fix(es):\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)\n\n* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)\n\n* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)\n\n* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)\n\n* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)\n\n* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)\n\n* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)\n\n* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)\n\n* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)\n\n* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)\n\n* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)\n\n* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)\n\n* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)\n\n* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)\n\n* mysql: Client programs unspecified vulnerability (CVE-2019-2797)\n\n* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)\n\n* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2019:2511",
  "modified": "2019-08-15T17:31:05Z",
  "published": "2019-08-15T17:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2019-2511.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2420"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2434"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2436"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2455"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2481"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2482"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2486"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2494"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2495"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2502"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2503"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2507"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2510"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2528"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2529"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2530"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2531"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2532"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2533"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2534"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2535"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2536"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2537"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2539"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2580"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2581"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2584"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2585"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2587"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2589"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2592"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2593"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2596"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2606"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2607"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2614"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2617"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2620"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2623"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2624"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2625"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2626"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2627"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2628"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2630"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2631"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2634"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2635"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2636"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2644"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2681"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2683"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2685"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2686"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2687"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2688"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2689"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2691"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2693"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2694"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2695"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2737"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2738"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2739"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2740"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2752"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2755"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2757"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2758"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2774"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2778"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2780"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2784"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2785"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2789"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2795"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2796"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2797"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2798"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2800"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2801"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2802"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2803"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2805"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2808"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2810"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2811"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2812"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2814"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2815"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2819"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2826"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2830"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2834"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2879"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2948"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2950"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-2969"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2019-3003"
    }
  ],
  "related": [
    "CVE-2019-2800",
    "CVE-2019-2436",
    "CVE-2019-2531",
    "CVE-2019-2534",
    "CVE-2019-2614",
    "CVE-2019-2617",
    "CVE-2019-2630",
    "CVE-2019-2634",
    "CVE-2019-2635",
    "CVE-2019-2755",
    "CVE-2019-2420",
    "CVE-2019-2481",
    "CVE-2019-2507",
    "CVE-2019-2529",
    "CVE-2019-2530",
    "CVE-2019-2581",
    "CVE-2019-2596",
    "CVE-2019-2607",
    "CVE-2019-2625",
    "CVE-2019-2681",
    "CVE-2019-2685",
    "CVE-2019-2686",
    "CVE-2019-2687",
    "CVE-2019-2688",
    "CVE-2019-2689",
    "CVE-2019-2693",
    "CVE-2019-2694",
    "CVE-2019-2695",
    "CVE-2019-2757",
    "CVE-2019-2774",
    "CVE-2019-2796",
    "CVE-2019-2802",
    "CVE-2019-2803",
    "CVE-2019-2808",
    "CVE-2019-2810",
    "CVE-2019-2812",
    "CVE-2019-2815",
    "CVE-2019-2830",
    "CVE-2019-2834",
    "CVE-2019-2434",
    "CVE-2019-2455",
    "CVE-2019-2805",
    "CVE-2019-2482",
    "CVE-2019-2592",
    "CVE-2019-2486",
    "CVE-2019-2532",
    "CVE-2019-2533",
    "CVE-2019-2584",
    "CVE-2019-2589",
    "CVE-2019-2606",
    "CVE-2019-2620",
    "CVE-2019-2627",
    "CVE-2019-2739",
    "CVE-2019-2778",
    "CVE-2019-2811",
    "CVE-2019-2789",
    "CVE-2019-2494",
    "CVE-2019-2495",
    "CVE-2019-2537",
    "CVE-2019-2626",
    "CVE-2019-2644",
    "CVE-2019-2502",
    "CVE-2019-2510",
    "CVE-2019-2580",
    "CVE-2019-2585",
    "CVE-2019-2593",
    "CVE-2019-2624",
    "CVE-2019-2628",
    "CVE-2019-2758",
    "CVE-2019-2785",
    "CVE-2019-2798",
    "CVE-2019-2879",
    "CVE-2019-2814",
    "CVE-2019-2503",
    "CVE-2019-2528",
    "CVE-2019-2587",
    "CVE-2019-2535",
    "CVE-2019-2623",
    "CVE-2019-2683",
    "CVE-2019-2752",
    "CVE-2019-2536",
    "CVE-2019-2539",
    "CVE-2019-2631",
    "CVE-2019-2636",
    "CVE-2019-2691",
    "CVE-2019-2826",
    "CVE-2019-2737",
    "CVE-2019-2740",
    "CVE-2019-2780",
    "CVE-2019-2784",
    "CVE-2019-2795",
    "CVE-2019-2797",
    "CVE-2019-2801",
    "CVE-2019-2819",
    "CVE-2019-2738"
  ],
  "summary": "Important: mysql:8.0 security update"
}

GSD-2019-2481

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-2481

Aliases

CVE-2019-2481

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-2481",
    "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
    "id": "GSD-2019-2481",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-2481.html",
      "https://access.redhat.com/errata/RHSA-2019:2511",
      "https://access.redhat.com/errata/RHSA-2019:2484",
      "https://access.redhat.com/errata/RHSA-2014:0702",
      "https://ubuntu.com/security/CVE-2019-2481",
      "https://alas.aws.amazon.com/cve/html/CVE-2019-2481.html",
      "https://linux.oracle.com/cve/CVE-2019-2481.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-2481"
      ],
      "details": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
      "id": "GSD-2019-2481",
      "modified": "2023-12-13T01:23:45.374049Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2019-2481",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "MySQL Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "5.6.42 and prior"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "5.7.24 and prior"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "8.0.13 and prior"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Oracle Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "106619",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106619"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "USN-3867-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/3867-1/"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
          },
          {
            "name": "RHSA-2019:2484",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:2484"
          },
          {
            "name": "RHSA-2019:2511",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2019:2511"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.6.42",
                "versionStartIncluding": "5.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.7.24",
                "versionStartIncluding": "5.7.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.13",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionStartIncluding": "7.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
                "cpe_name": [],
                "versionStartIncluding": "9.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.37",
                "versionStartIncluding": "5.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.0.11",
                "versionStartIncluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2019-2481"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "106619",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106619"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190118-0002/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
            },
            {
              "name": "USN-3867-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/3867-1/"
            },
            {
              "name": "RHSA-2019:2484",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2484"
            },
            {
              "name": "RHSA-2019:2511",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2511"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-08-19T09:06Z",
      "publishedDate": "2019-01-16T19:30Z"
    }
  }
}

CNVD-2019-26744

Vulnerability from cnvd - Published: 2019-08-09

Title

Oracle MySQL Server访问控制错误漏洞（CNVD-2019-26744）

Description

Oracle MySQL是美国甲骨文（Oracle）公司的一套开源的关系数据库管理系统。MySQL Server是其中的一个数据库服务器组件。 Oracle MySQL中的MySQL Server组件5.6.42及之前版本、5.7.24及之前版本和8.0.13及之前版本的Server: Optimizer子组件存在安全漏洞。攻击者可利用该漏洞造成拒绝服务（挂起或频繁崩溃），影响数据的可用性。

Severity

中

Patch Name

Oracle MySQL Server访问控制错误漏洞（CNVD-2019-26744）的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新：https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Reference

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Impacted products

Name
['Oracle MySQL Server <=5.6.42', 'Oracle MySQL Server <=5.7.24', 'Oracle MySQL Server <=8.0.13']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-2481"
    }
  },
  "description": "Oracle MySQL\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002MySQL Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6570\u636e\u5e93\u670d\u52a1\u5668\u7ec4\u4ef6\u3002\n\nOracle MySQL\u4e2d\u7684MySQL Server\u7ec4\u4ef65.6.42\u53ca\u4e4b\u524d\u7248\u672c\u30015.7.24\u53ca\u4e4b\u524d\u7248\u672c\u548c8.0.13\u53ca\u4e4b\u524d\u7248\u672c\u7684Server: Optimizer\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u6302\u8d77\u6216\u9891\u7e41\u5d29\u6e83\uff09\uff0c\u5f71\u54cd\u6570\u636e\u7684\u53ef\u7528\u6027\u3002",
  "discovererName": "Oracle",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-26744",
  "openTime": "2019-08-09",
  "patchDescription": "Oracle MySQL\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002MySQL Server\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u6570\u636e\u5e93\u670d\u52a1\u5668\u7ec4\u4ef6\u3002\r\n\r\nOracle MySQL\u4e2d\u7684MySQL Server\u7ec4\u4ef65.6.42\u53ca\u4e4b\u524d\u7248\u672c\u30015.7.24\u53ca\u4e4b\u524d\u7248\u672c\u548c8.0.13\u53ca\u4e4b\u524d\u7248\u672c\u7684Server: Optimizer\u5b50\u7ec4\u4ef6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u6302\u8d77\u6216\u9891\u7e41\u5d29\u6e83\uff09\uff0c\u5f71\u54cd\u6570\u636e\u7684\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle MySQL Server\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-26744\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle MySQL Server \u003c=5.6.42",
      "Oracle MySQL Server \u003c=5.7.24",
      "Oracle MySQL Server \u003c=8.0.13"
    ]
  },
  "referenceLink": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-01-16",
  "title": "Oracle MySQL Server\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2019-26744\uff09"
}

CERTFR-2019-AVI-025

Vulnerability from certfr_avis - Published: 2019-01-16 - Updated: 2019-01-16

De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL Connectors versions 2.1.8 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 8.0.13 et antérieures
Oracle	MySQL	MySQL Server versions 5.7.24 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 4.0.7 et antérieures
Oracle	MySQL	MySQL Server versions 8.0.13 et antérieures
Oracle	MySQL	MySQL Connectors versions 8.0.13 et antérieures
Oracle	MySQL	MySQL Workbench versions 8.0.13 et antérieures
Oracle	MySQL	MySQL Server versions 5.6.42 et antérieures

References

Title

Publication Time

GHSA-6QJ5-HRRF-QWGH

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22

Details

Severity ?

4.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-2481"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-16T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).",
  "id": "GHSA-6qj5-hrrf-qwgh",
  "modified": "2022-05-13T01:22:08Z",
  "published": "2022-05-13T01:22:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2481"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2484"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2019:2511"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190118-0002"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3867-1"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106619"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2019-2481

Vulnerability from fkie_nvd - Published: 2019-01-16 19:30 - Updated: 2024-11-21 04:40

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secalert_us@oracle.com	http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch, Vendor Advisory
secalert_us@oracle.com	http://www.securityfocus.com/bid/106619	Third Party Advisory, VDB Entry
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2019:2484	Third Party Advisory
secalert_us@oracle.com	https://access.redhat.com/errata/RHSA-2019:2511	Third Party Advisory
secalert_us@oracle.com	https://security.netapp.com/advisory/ntap-20190118-0002/	Third Party Advisory
secalert_us@oracle.com	https://usn.ubuntu.com/3867-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106619	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:2484	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2019:2511	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20190118-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/3867-1/	Third Party Advisory

Impacted products

Vendor	Product	Version
oracle	mysql	*
oracle	mysql	*
oracle	mysql	*
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	18.10
netapp	oncommand_insight	-
netapp	oncommand_unified_manager	*
netapp	oncommand_unified_manager	*
netapp	oncommand_workflow_automation	-
netapp	snapcenter	-
mariadb	mariadb	*
mariadb	mariadb	*
redhat	enterprise_linux	8.0
redhat	enterprise_linux_eus	8.1
redhat	enterprise_linux_eus	8.2
redhat	enterprise_linux_eus	8.4
redhat	enterprise_linux_eus	8.6
redhat	enterprise_linux_server_aus	8.2
redhat	enterprise_linux_server_aus	8.4
redhat	enterprise_linux_server_aus	8.6
redhat	enterprise_linux_server_tus	8.2
redhat	enterprise_linux_server_tus	8.4
redhat	enterprise_linux_server_tus	8.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C71D9265-5F97-404C-B9B4-E3E636083373",
              "versionEndIncluding": "5.6.42",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F17AD8D0-6D79-4E7D-9CD6-9B130A529C5D",
              "versionEndIncluding": "5.7.24",
              "versionStartIncluding": "5.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C743C44C-2E97-4E5E-8C76-FC0E666BA115",
              "versionEndIncluding": "8.0.13",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "6AADE2A6-B78C-4B9C-8FAB-58DB50F69D84",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "7E49ACFC-FD48-4ED7-86E8-68B5B753852C",
              "versionStartIncluding": "9.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF3FDA1F-7B6F-4EE7-94C7-351C18167056",
              "versionEndExcluding": "5.5.37",
              "versionStartIncluding": "5.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CAB12CA-E6CF-4C51-B892-BDDCE09E0442",
              "versionEndExcluding": "10.0.11",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente MySQL Server en Oracle MySQL (subcomponente: Server: Optimizer). Las versiones compatibles que se han visto afectadas son la 5.6.42 y anteriores, 5.7.24 y anteriores, y la 8.0.13 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante con un alto nivel de privilegios que tenga acceso a red por medio de m\u00faltiples protocolos comprometa la seguridad de MySQL Server. Los ataques exitosos de esta vulnerabilidad pueden resultar en la habilidad no autorizada para provocar un cuelgue o bloqueo repetido frecuentemente (DOS completo) de MySQL Server. CVSS 3.0 Base Score 4.9 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
    }
  ],
  "id": "CVE-2019-2481",
  "lastModified": "2024-11-21T04:40:57.523",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-16T19:30:33.657",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106619"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2484"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2511"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3867-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190118-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3867-1/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-2481 (GCVE-0-2019-2481)

CVE-2019-2481

cve-2019-2481

Vulnerability from osv_almalinux

GSD-2019-2481

CNVD-2019-26744

CERTFR-2019-AVI-025

Solution

GHSA-6QJ5-HRRF-QWGH

FKIE_CVE-2019-2481

Tags

Sightings

Nomenclature