CVSS: 5.5EPSS: 0%CPEs: 18EXPL: 0CVE-2020-2760 – mysql: InnoDB unspecified vulnerability (CPU Apr 2020)
https://notcve.org/view.php?id=CVE-2020-2760
15 Apr 2020 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2020-2752 – mysql: C API unspecified vulnerability (CPU Apr 2020)
https://notcve.org/view.php?id=CVE-2020-2752
15 Apr 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impact... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00054.html •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-7221
https://notcve.org/view.php?id=CVE-2020-7221
04 Feb 2020 — mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user account to root because chown and chmod are performed unsafely, as demonstrated by a symlink attack on a chmod 04755 of auth_pam_tool_dir/auth_pam_tool. NOTE: this does not affect the Oracle MySQL product, which implements mysql_install_db differently. mysql_install_db en MariaDB versiones 10.4.7 hasta 10.4.11, permite una escalada de privilegios de la cuenta de usuario mysql a root porque chown y chmod se rea... • https://bugzilla.suse.com/show_bug.cgi?id=1160868 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.9EPSS: 0%CPEs: 17EXPL: 0CVE-2020-2574 – mysql: C API unspecified vulnerability (CPU Jan 2020)
https://notcve.org/view.php?id=CVE-2020-2574
15 Jan 2020 — Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impac... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00007.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2019-2974 – mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019)
https://notcve.org/view.php?id=CVE-2019-2974
16 Oct 2019 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availabil... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •
CVSS: 4.4EPSS: 0%CPEs: 18EXPL: 0CVE-2019-2938 – mysql: InnoDB unspecified vulnerability (CPU Oct 2019)
https://notcve.org/view.php?id=CVE-2019-2938
16 Oct 2019 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2019-2805 – mysql: Server: Parser unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2805
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availab... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-2758 – mysql: InnoDB unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2758
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2019-2740 – mysql: Server: XML unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2740
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: XML). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availabili... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •
CVSS: 4.9EPSS: 0%CPEs: 14EXPL: 0CVE-2019-2737 – mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
https://notcve.org/view.php?id=CVE-2019-2737
23 Jul 2019 — Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00037.html •