Vulnerability CVE-2019-2627


Published: 2019-04-23

Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.43 and prior, 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Type:

CWE-20

(Improper Input Validation)

Vendor: Oracle
Product: Mysql 
Version:
8.0.5
8.0.4
8.0.3
8.0.2
8.0.15
8.0.14
8.0.13
8.0.12
8.0.11
8.0.10
8.0.1
8.0.0
5.7.9
5.7.8
5.7.7
5.7.6
5.7.5
5.7.4
5.7.3
5.7.25
5.7.24
5.7.23
5.7.22
5.7.21
5.7.20
5.7.2
5.7.19
5.7.18
5.7.17
5.7.16
5.7.15
5.7.14
5.7.13
5.7.12
5.7.11
5.7.10
5.7.1
5.7.0
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.43
5.6.42
5.6.41
5.6.40
5.6.4
5.6.39
5.6.38
5.6.37
5.6.36
5.6.35
5.6.34
5.6.33
5.6.32
5.6.31
5.6.30
5.6.3
5.6.29
5.6.28
5.6.27
5.6.26
5.6.25
5.6.24
5.6.23
5.6.22
5.6.21
5.6.20
5.6.2
5.6.19
5.6.18
5.6.17
5.6.16
5.6.15
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.1
5.6.0
Vendor: Canonical
Product: Ubuntu linux 
Version:
19.04
18.10
18.04
16.04
14.04

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://support.f5.com/csp/article/K32798641
https://usn.ubuntu.com/3957-1/
https://usn.ubuntu.com/3957-2/
https://usn.ubuntu.com/3957-3/

Related CVE
CVE-2019-10193
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perfo...
CVE-2019-10192
A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis...
CVE-2019-13132
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow a...
CVE-2019-12781
An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django vi...
CVE-2019-12817
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of pow...
CVE-2019-12436
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have directory read access in order to attempt an exploit.
CVE-2019-11479
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial ...
CVE-2019-11478
Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denia...

Copyright 2019, cxsecurity.com

 

Back to Top