CVE-2019-2922
https://notcve.org/view.php?id=CVE-2019-2922
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://security.netapp.com/advisory/ntap-20191017-0002 https://usn.ubuntu.com/4195-1 •
CVE-2019-2911 – mysql: Information Schema unspecified vulnerability (CPU Oct 2019)
https://notcve.org/view.php?id=CVE-2019-2911
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6DTUCXX5XXPNPFV2PHP6IESGTCFMZOFP https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7X5D3O4TOQ57KL5FLQEXH2JB2UQYHCUZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKCJLNRK6RHFAHV7ZFD3XO7HNSBU3XOL https://security.netapp.com/advisory/ntap-20191017-0002 https://usn.ubuntu.com/4195-1 https:/ •
CVE-2019-2923
https://notcve.org/view.php?id=CVE-2019-2923
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://security.netapp.com/advisory/ntap-20191017-0002 https://usn.ubuntu.com/4195-1 •
CVE-2019-2924
https://notcve.org/view.php?id=CVE-2019-2924
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://security.netapp.com/advisory/ntap-20191017-0002 https://usn.ubuntu.com/4195-1 •
CVE-2019-14540 – jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig
https://notcve.org/view.php?id=CVE-2019-14540
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. Se detectó un problema de escritura polimórfica en FasterXML jackson-databind versiones anteriores a 2.9.10. Está relacionado con com.zaxxer.hikari.HikariConfig. • https://access.redhat.com/errata/RHSA-2019:3200 https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://github.com/FasterXML/jackson-databind/blob/master/release-notes/VERSION-2.x https://github.com/FasterXML/jackson-databind/issues/2410 https://github.com/FasterXML/jackson-databind/issues • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •