Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:9B0DACFCC225E044603FC2A041DAD86C
HistoryJan 27, 2020 - 12:00 a.m.

MySQL Security Updates - Oct 2019 | Cloud Foundry

2020-01-2700:00:00
Cloud Foundry
www.cloudfoundry.org
24

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.6%

JSON

Severity

Medium

Vendor

Cloud Foundry Foundation

Description

Cloud Foundry Deployment, through its consumption of Percona XtraDB Cluster Release, is vulnerable to various MySQL vulnerabilites patched in the October 2019 Critical Patch Update, including:

  • CVE-2019-2910
  • CVE-2019-2911
  • CVE-2019-2914
  • CVE-2019-2922
  • CVE-2019-2923
  • CVE-2019-2924
  • CVE-2019-2938
  • CVE-2019-2946
  • CVE-2019-2960
  • CVE-2019-2974
  • CVE-2019-2993
  • CVE-2019-5443

Affected Cloud Foundry Products and Versions

  • Percona XtraDB Cluster Release
    • All versions prior to v0.22.0
  • CF Deployment
    • All versions prior to v12.22.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • Percona XtraDB Cluster Release
    • Upgrade All versions to v0.22.0 or greater
  • CF Deployment
    • Upgrade All versions to v12.22.0 or greater

History

2020-01-27: Initial vulnerability report published.

Related

nessus 52
amazon 3
openvas 22
photon 5
ubuntu 2
mageia 1
altlinux 2
ibm 4
mariadbunix 3
freebsd 1
fedora 3
redhatcve 12
prion 12
osv 16
cve 12
hackerone 3
ubuntucve 12
veracode 7
debiancve 3
alpinelinux 2
symantec 1
suse 1
f5 1
oraclelinux 3
almalinux 2
centos 1
redhat 11
rocky 2
nessus
nessus
MySQL 5.7.x < 5.7.28 Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-18 00:00:00
Amazon Linux AMI : mysql57 (ALAS-2020-1333)
2020-01-10 00:00:00
MySQL 5.6.x < 5.6.46 Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-18 00:00:00
amazon
amazon
Medium: mysql57
2020-01-06 23:27:00
Medium: mysql56
2020-01-06 23:26:00
Important: mariadb
2020-10-22 18:28:00
openvas
openvas
Oracle MySQL Server <= 5.6.45 / 5.7 <= 5.7.27 Security Update (cpuoct2019) - Linux
2019-10-23 00:00:00
Oracle MySQL Server <= 5.6.45 / 5.7 <= 5.7.27 Security Update (cpuoct2019) - Windows
2019-10-23 00:00:00
Oracle MySQL Server 5.7 <= 5.7.27 / 8.0 <= 8.0.17 Security Update (cpuoct2019) - Windows
2019-10-23 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0284
2020-03-18 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0284
2020-04-02 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0220
2020-03-13 00:00:00
ubuntu
ubuntu
MariaDB vulnerabilities
2019-11-20 00:00:00
MySQL vulnerabilities
2019-11-18 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2019-11-20 00:16:53
altlinux
altlinux
Security fix for the ALT Linux 9 package mariadb version 10.4.9-alt1
2019-12-06 00:00:00
Security fix for the ALT Linux 8 package mariadb version 10.1.43-alt1
2020-01-24 00:00:00
ibm
ibm
Security Bulletin: API Connect is impacted by multiple vulnerabilities in Oracle MySQL
2020-03-03 02:31:05
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
2020-10-08 20:19:18
Security Bulletin: cURL vulnerability CVE-2019-5443 impacts IBM Aspera Streaming/IBM Aspera Streaming for Video version 3.9.6.1 and earlier
2020-12-08 18:23:44
mariadbunix
mariadbunix
MariaDB vulnerabilities
2019-11-20 00:00:00
CVE-2019-2974
2019-10-16 18:15:32
CVE-2019-2938
2019-10-16 18:15:29
freebsd
freebsd
MySQL -- Multiple vulerabilities
2019-10-15 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: community-mysql-8.0.18-1.fc31
2019-11-12 02:21:56
[SECURITY] Fedora 30 Update: community-mysql-8.0.18-1.fc30
2019-11-12 02:09:19
[SECURITY] Fedora 29 Update: community-mysql-8.0.18-1.fc29
2019-11-11 17:41:09
redhatcve
redhatcve
CVE-2019-2910
2019-11-10 20:55:57
CVE-2019-5443
2019-11-13 16:37:26
CVE-2019-2924
2020-04-02 08:29:47
prion
prion
Code injection
2019-07-02 19:15:00
Code injection
2019-10-16 18:15:00
Code injection
2019-10-16 18:15:00
osv
osv
CVE-2019-5443
2019-07-02 19:15:10
CVE-2019-2960
2019-10-16 18:15:30
CVE-2019-2924
2019-10-16 18:15:28
cve
cve
CVE-2019-5443
2019-07-02 19:15:00
CVE-2019-2960
2019-10-16 18:15:00
CVE-2019-2910
2019-10-16 18:15:00
hackerone
hackerone
curl: Windows Privilege Escalation: Malicious OpenSSL Engine
2019-06-12 02:21:14
curl: curl on Windows can be forced to execute code via OpenSSL environment variables
2019-10-14 23:02:51
Internet Bug Bounty: Windows builds with insecure path defaults (CVE-2019-1552)
2019-08-28 00:18:59
ubuntucve
ubuntucve
CVE-2019-2960
2019-10-16 00:00:00
CVE-2019-2910
2019-10-16 00:00:00
CVE-2019-2974
2019-10-16 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-08-20 02:25:39
Denial Of Service (DoS)
2020-08-20 02:25:41
Denial Of Service (DoS)
2020-08-20 02:25:37
debiancve
debiancve
CVE-2019-2974
2019-10-16 18:15:00
CVE-2019-5443
2019-07-02 19:15:00
CVE-2019-2938
2019-10-16 18:15:00
alpinelinux
alpinelinux
CVE-2019-2974
2019-10-16 18:15:00
CVE-2019-2938
2019-10-16 18:15:00
symantec
symantec
curl CVE-2019-5443 Local Code Injection Vulnerability
2019-06-24 00:00:00
suse
suse
Security update for mariadb (moderate)
2019-12-22 00:00:00
f5
f5
K10771536 : MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974
2022-01-13 00:00:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2020-10-06 00:00:00
mariadb:10.3 security, bug fix, and enhancement update
2020-12-18 00:00:00
mysql:8.0 security update
2020-09-16 00:00:00
almalinux
almalinux
Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
Important: mysql:8.0 security update
2020-09-14 12:23:24
centos
centos
mariadb security update
2020-10-20 18:30:49
redhat
redhat
(RHSA-2020:4026) Moderate: mariadb security and bug fix update
2020-09-29 07:52:34
(RHSA-2020:5665) Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-22 08:57:51
(RHSA-2020:5654) Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-22 08:27:07
rocky
rocky
mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
mysql:8.0 security update
2020-09-14 12:23:24

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

65.6%

JSON
Related for CFOUNDRY:9B0DACFCC225E044603FC2A041DAD86C
nessus52amazon3openvas22photon5ubuntu2mageia1altlinux2ibm4mariadbunix3freebsd1fedora3redhatcve12prion12osv16cve12hackerone3ubuntucve12veracode7debiancve3alpinelinux2symantec1suse1f51oraclelinux3almalinux2centos1redhat11rocky2