Multiple vulnerabilities in Oracle MySQL
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 27 |
| CVE-ID | CVE-2019-2533 CVE-2019-2482 CVE-2019-2529 CVE-2019-2534 CVE-2019-2434 CVE-2019-2455 CVE-2019-2503 CVE-2019-2436 CVE-2019-0734 CVE-2019-2536 CVE-2019-2510 CVE-2019-2502 CVE-2019-2539 CVE-2019-2494 CVE-2019-2495 CVE-2019-2537 CVE-2019-2420 CVE-2019-2481 CVE-2019-2507 CVE-2019-2530 CVE-2019-2528 CVE-2019-2531 CVE-2019-2486 CVE-2019-2532 CVE-2019-2535 CVE-2019-2513 CVE-2018-0732 |
| CWE-ID | CWE-264 CWE-200 CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
MySQL Server Server applications / Database software |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 27 vulnerabilities.
1) Security restrictions bypass
EUVDB-ID: #VU17022
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2533
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can bypass security restrictions to modify arbitrary data.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 8.0.13
CPE2.3 External linkshttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Denial of service
EUVDB-ID: #VU17024
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2482
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.6.0 - 8.0.13
CPE2.3- cpe:2.3:a:oracle:mysql_server:5.6.42:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql_server:5.7.24:*:*:*:*:*:*:*
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Denial of service
EUVDB-ID: #VU17025
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2529
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.6.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security restrictions bypass
EUVDB-ID: #VU17026
Risk: Low
CVSSv4.0: 5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2534
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can bypass security restrictions to read potentially sensitive information and modify arbitrary data.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.6.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Denial of service
EUVDB-ID: #VU17027
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2434
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.7.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Denial of service
EUVDB-ID: #VU17028
Risk: Low
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2455
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.6.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security restrictions bypass
EUVDB-ID: #VU17029
Risk: Low
CVSSv4.0: 2.2 [CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2503
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent authenticated attacker to bypass security restrictions.
The weakness exists in MySQL Protocol due to unspecified flaw. An adjacent attacker can bypass security restrictions to read potentially sensitive information and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.6.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Security restrictions bypass
EUVDB-ID: #VU17030
Risk: Low
CVSSv4.0: 4.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2436
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to bypass security restrictions.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can bypass security restrictions to modify arbitrary data and cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU17031
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-0734
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to obtain potentially sensitive information.
The weakness exists in MySQL Protocol due to unspecified flaw. A local attacker can read potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.6.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Denial of service
EUVDB-ID: #VU17032
Risk: Low
CVSSv4.0: 0.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:U/U:Clear]
CVE-ID: CVE-2019-2536
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Denial of service
EUVDB-ID: #VU17033
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2510
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.7.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Denial of service
EUVDB-ID: #VU17034
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2502
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Denial of service
EUVDB-ID: #VU17035
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2539
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Denial of service
EUVDB-ID: #VU17036
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2494
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Denial of service
EUVDB-ID: #VU17037
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2495
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Denial of service
EUVDB-ID: #VU17038
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2537
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.6.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Denial of service
EUVDB-ID: #VU17039
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2420
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.7.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Denial of service
EUVDB-ID: #VU17040
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2481
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.6.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Denial of service
EUVDB-ID: #VU17041
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2507
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.6.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Denial of service
EUVDB-ID: #VU17042
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2530
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Denial of service
EUVDB-ID: #VU17043
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2528
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.7.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Denial of service
EUVDB-ID: #VU17044
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2531
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.6.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Denial of service
EUVDB-ID: #VU17045
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2486
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.7.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Denial of service
EUVDB-ID: #VU17046
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2532
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 5.7.0 - 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Denial of service
EUVDB-ID: #VU17047
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2535
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local high-privileged attacker to cause DoS condition.
The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Information disclosure
EUVDB-ID: #VU17048
Risk: Low
CVSSv4.0: 0.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-2513
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information.
The weakness exists due to unspecified flaw. A remote attacker can read potentially sensitive information.
Install update from vendor's website.
Vulnerable software versionsMySQL Server: 8.0.13
CPE2.3https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper input validation
EUVDB-ID: #VU13325
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-0732
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to improper handling of large prime values by the affected software during key agreement operations in a Transport Layer Security (TLS) handshake using an Ephemeral Diffie-Hellman (DHE) based cipher suite. A remote attacker can send a large prime value from a malicious OpenSSL server to a targeted OpenSSL client and cause the client to stop responding while generating a key for the prime value.
MitigationInstall update from vendor's website.
Vulnerable software versionsMySQL Server: 4.0.7 - 8.0.13
CPE2.3 External linkshttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixEM
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
