CVE-2019-2757 – mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2757
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP https://support.f5.com/csp/article/K14118520 https://support.f5.com/csp/article/K14118520?utm_source=f5 •
CVE-2019-2740 – mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2740
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html http://packetstormsecurity.com/files/153862/Slackware-Security-Advisory-mariadb-Updates.html http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://access.redhat.com/errata/RHSA-2019:3708 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV https:/ •
CVE-2019-2752 – mysql: Server: Options unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2752
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP https://support.f5.com/csp/article/K14118520 https://support.f5.com/csp/article/K14118520?utm_source=f5 •
CVE-2019-2738 – mysql: Server: Compiling unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2738
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Compiling). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://access.redhat.com/errata/RHSA-2019:2484 https://access.redhat.com/errata/RHSA-2019:2511 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A55N3HZ3JZBXHQMGTUHY63FVTDU5ILEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CN3JPT5ICOAWQNPFVPVLLYR4TQIX4MXP https://support.f5.com/csp/article/K51272092 https://support.f5.com/csp/article/K51272092?utm_source=f5 •
CVE-2019-9959 – poppler: integer overflow in JPXStream::init function leading to memory consumption
https://notcve.org/view.php?id=CVE-2019-9959
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo. La función JPXStream::init en Poppler versión 0.78.0 y anteriores, no comprueba los valores negativos de la longitud de la transmisión, lo que conlleva a un Desbordamiento de Enteros, y por lo tanto hace posible asignar una gran fragmento de memoria en la pila, con un tamaño controlado por un atacante, como es demostrado por pdftocairo. • http://www.securityfocus.com/bid/109342 https://access.redhat.com/errata/RHSA-2019:2713 https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS https://lists.debian.org/debian-lts-announce/2019/10/msg00024.html https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html https://lists.debian.org/debian-lts-announce/2022/09/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ZOYOZTGU4RGZW4E63OZ7LW4SMPEWGBV https://lists.fedoraproject • CWE-190: Integer Overflow or Wraparound •