# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 |
CVE-2022-27649 |
276 |
|
|
2022-04-04 |
2022-07-22 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. |
2 |
CVE-2022-1227 |
269 |
|
DoS |
2022-04-29 |
2022-07-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. |
3 |
CVE-2022-1011 |
416 |
|
+Priv |
2022-03-18 |
2022-10-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. |
4 |
CVE-2021-31566 |
59 |
|
+Priv |
2022-08-23 |
2022-12-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. |
5 |
CVE-2021-23177 |
59 |
|
+Priv |
2022-08-23 |
2022-12-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. |
6 |
CVE-2021-3975 |
416 |
|
DoS |
2022-08-23 |
2023-02-03 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. |
7 |
CVE-2021-3744 |
401 |
|
DoS |
2022-03-04 |
2023-02-12 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar to the older CVE-2019-18808. |
8 |
CVE-2021-3697 |
787 |
|
Exec Code |
2022-07-06 |
2023-02-23 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written to the heap. To succeed, the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12. |
9 |
CVE-2021-3696 |
787 |
|
Exec Code |
2022-07-06 |
2022-10-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availability impact may be considered Low, as it is very complex for an attacker to control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior to grub-2.12. |
10 |
CVE-2021-3695 |
787 |
|
Exec Code Mem. Corr. |
2022-07-06 |
2022-10-28 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit, as an attacker needs to perform some triage over the heap layout to achieve significant results; also, the values written into memory are repeated three times in a row, making it difficult to produce valid payloads. This flaw affects grub2 versions prior to grub-2.12. |
11 |
CVE-2021-3669 |
400 |
|
|
2022-08-26 |
2023-02-12 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. |
12 |
CVE-2021-3659 |
476 |
|
|
2022-08-22 |
2022-08-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. |
13 |
CVE-2020-9490 |
444 |
|
|
2020-08-07 |
2022-10-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
In Apache HTTP Server versions 2.4.20 to 2.4.43, a specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. |
14 |
CVE-2019-15605 |
444 |
|
|
2020-02-07 |
2022-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed |
15 |
CVE-2019-15604 |
295 |
|
|
2020-02-07 |
2022-11-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate |
16 |
CVE-2019-13313 |
200 |
|
+Info |
2019-07-05 |
2023-02-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line. |
17 |
CVE-2019-12527 |
787 |
|
Overflow |
2019-07-11 |
2023-02-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data. |
18 |
CVE-2019-12450 |
362 |
|
|
2019-05-29 |
2023-03-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. |
19 |
CVE-2019-11884 |
|
|
+Info |
2019-05-10 |
2023-03-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\0' character. |
20 |
CVE-2019-11833 |
908 |
|
+Info |
2019-05-15 |
2023-03-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. |
21 |
CVE-2019-11459 |
754 |
|
|
2019-04-22 |
2023-03-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIFF image files. |
22 |
CVE-2019-11135 |
|
|
|
2019-11-14 |
2022-10-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. |
23 |
CVE-2019-9959 |
190 |
|
Overflow |
2019-07-22 |
2023-02-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. |
24 |
CVE-2019-9903 |
787 |
|
Bypass |
2019-03-21 |
2023-02-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. |
25 |
CVE-2019-9636 |
|
|
|
2019-03-08 |
2022-07-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9. |
26 |
CVE-2019-8720 |
119 |
|
Exec Code Overflow Mem. Corr. |
2023-03-06 |
2023-03-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. |
27 |
CVE-2019-7664 |
787 |
|
DoS Overflow |
2019-02-09 |
2023-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). |
28 |
CVE-2019-7222 |
|
|
+Info |
2019-03-21 |
2023-02-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. |
29 |
CVE-2019-6111 |
22 |
|
Dir. Trav. |
2019-01-31 |
2023-03-24 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). |
30 |
CVE-2019-6109 |
116 |
|
|
2019-01-31 |
2023-02-23 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. |
31 |
CVE-2019-5010 |
476 |
|
DoS |
2019-10-31 |
2022-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. |
32 |
CVE-2019-2879 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
33 |
CVE-2019-2834 |
|
|
|
2019-07-23 |
2023-01-30 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
34 |
CVE-2019-2830 |
|
|
|
2019-07-23 |
2023-01-30 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
35 |
CVE-2019-2826 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
36 |
CVE-2019-2819 |
|
|
|
2019-07-23 |
2023-01-30 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
37 |
CVE-2019-2815 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
38 |
CVE-2019-2814 |
|
|
|
2019-07-23 |
2023-01-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N). |
39 |
CVE-2019-2812 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
40 |
CVE-2019-2811 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
41 |
CVE-2019-2810 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
42 |
CVE-2019-2808 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
43 |
CVE-2019-2805 |
|
|
|
2019-07-23 |
2022-08-04 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
44 |
CVE-2019-2803 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
45 |
CVE-2019-2802 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
46 |
CVE-2019-2801 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
47 |
CVE-2019-2800 |
|
|
|
2019-07-23 |
2023-01-30 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). |
48 |
CVE-2019-2798 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
49 |
CVE-2019-2797 |
|
|
|
2019-07-23 |
2023-01-30 |
2.3 |
None |
Local Network |
Medium |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
50 |
CVE-2019-2796 |
|
|
|
2019-07-23 |
2023-01-30 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |