SB2020011494 - Multiple vulnerabilities in Oracle MySQL



Published: January 14, 2020 Updated: February 29, 2020

Security Bulletin ID: SB2020011494
Severity: Medium
Patch available: YES
Number of vulnerabilities: 15
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 80%
Low: 20%

Description

This security bulletin contains information about 15 security vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2020-2579)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.


2) Improper input validation (CVE-ID: CVE-2020-2686)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.


3) Improper input validation (CVE-ID: CVE-2020-2627)

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.


4) Improper input validation (CVE-ID: CVE-2020-2570)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.


5) Improper input validation (CVE-ID: CVE-2020-2573)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.


6) Improper input validation (CVE-ID: CVE-2020-2574)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.


7) Improper input validation (CVE-ID: CVE-2020-2577)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


8) Improper input validation (CVE-ID: CVE-2020-2589)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


9) Improper input validation (CVE-ID: CVE-2020-2580)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


10) Improper input validation (CVE-ID: CVE-2020-2588)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


11) Improper input validation (CVE-ID: CVE-2020-2660)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


12) Improper input validation (CVE-ID: CVE-2020-2679)

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.


13) Improper input validation (CVE-ID: CVE-2020-2584)

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.


14) Improper input validation (CVE-ID: CVE-2020-2694)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.


15) Improper input validation (CVE-ID: CVE-2020-2572)

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: Audit Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.


Remediation

Install the update from the vendor's website.