Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:9B0DACFCC225E044603FC2A041DAD86C
HistoryJan 27, 2020 - 12:00 a.m.

MySQL Security Updates - Oct 2019 | Cloud Foundry

2020-01-2700:00:00
Cloud Foundry
www.cloudfoundry.org
52

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.9%

JSON

Severity

Medium

Vendor

Cloud Foundry Foundation

Description

Cloud Foundry Deployment, through its consumption of Percona XtraDB Cluster Release, is vulnerable to various MySQL vulnerabilites patched in the October 2019 Critical Patch Update, including:

  • CVE-2019-2910
  • CVE-2019-2911
  • CVE-2019-2914
  • CVE-2019-2922
  • CVE-2019-2923
  • CVE-2019-2924
  • CVE-2019-2938
  • CVE-2019-2946
  • CVE-2019-2960
  • CVE-2019-2974
  • CVE-2019-2993
  • CVE-2019-5443

Affected Cloud Foundry Products and Versions

  • Percona XtraDB Cluster Release
    • All versions prior to v0.22.0
  • CF Deployment
    • All versions prior to v12.22.0

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • Percona XtraDB Cluster Release
    • Upgrade All versions to v0.22.0 or greater
  • CF Deployment
    • Upgrade All versions to v12.22.0 or greater

History

2020-01-27: Initial vulnerability report published.

Related

nessus 37
amazon 2
openvas 20
photon 3
ubuntu 2
altlinux 1
mageia 1
freebsd 1
ibm 4
fedora 2
cve 12
osv 19
nvd 12
vulnrichment 8
hackerone 3
redhatcve 12
veracode 7
symantec 1
prion 12
cvelist 12
ubuntucve 12
debiancve 3
alpinelinux 2
mariadbunix 2
postgresql 1
suse 1
f5 1
oraclelinux 2
almalinux 1
centos 1
redhat 2
nessus
nessus
MySQL 5.7.x < 5.7.28 Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-18 00:00:00
Amazon Linux AMI : mysql57 (ALAS-2020-1333)
2020-01-10 00:00:00
MySQL 5.6.x < 5.6.46 Multiple Vulnerabilities (Oct 2019 CPU)
2019-10-18 00:00:00
amazon
amazon
Medium: mysql57
2020-01-06 23:27:00
Medium: mysql56
2020-01-06 23:26:00
openvas
openvas
Oracle MySQL Server <= 5.6.45 / 5.7 <= 5.7.27 Security Update (cpuoct2019) - Windows
2019-10-23 00:00:00
Oracle MySQL Server <= 5.6.45 / 5.7 <= 5.7.27 Security Update (cpuoct2019) - Linux
2019-10-23 00:00:00
Oracle MySQL Server 5.7 <= 5.7.27 / 8.0 <= 8.0.17 Security Update (cpuoct2019) - Windows
2019-10-23 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0284
2020-03-18 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0284
2020-04-02 00:00:00
Moderate Photon OS Security Update - PHSA-2020-0220
2020-03-13 00:00:00
ubuntu
ubuntu
MariaDB vulnerabilities
2019-11-20 00:00:00
MySQL vulnerabilities
2019-11-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package mariadb version 10.4.9-alt1
2019-12-06 00:00:00
mageia
mageia
Updated mariadb packages fix security vulnerabilities
2019-11-20 00:16:53
freebsd
freebsd
MySQL -- Multiple vulerabilities
2019-10-15 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by Oracle MySQL vulnerabilities
2020-10-08 20:19:18
Security Bulletin: API Connect is impacted by multiple vulnerabilities in Oracle MySQL
2020-03-03 02:31:05
Security Bulletin: Curl vulnerabilities CVE-2019-5443 impacts IBM Aspera High-Speed Transfer Server, IBM Aspera High-Speed Transfer Client, IBM Aspera Desktop Client 3.9.1 and earlier
2020-07-17 00:46:14
fedora
fedora
[SECURITY] Fedora 30 Update: community-mysql-8.0.18-1.fc30
2019-11-12 02:09:19
[SECURITY] Fedora 31 Update: community-mysql-8.0.18-1.fc31
2019-11-12 02:21:56
cve
cve
CVE-2019-5443
2019-07-02 19:15:10
CVE-2019-2910
2019-10-16 18:15:27
CVE-2019-2914
2019-10-16 18:15:28
osv
osv
CVE-2019-2910
2019-10-16 18:15:27
CGA-jp7j-qgxv-w827
2024-07-04 22:09:34
CVE-2019-5443
2019-07-02 19:15:10
nvd
nvd
CVE-2019-2910
2019-10-16 18:15:27
CVE-2019-5443
2019-07-02 19:15:10
CVE-2019-2914
2019-10-16 18:15:28
vulnrichment
vulnrichment
CVE-2019-2910
2019-10-16 17:40:54
CVE-2019-2946
2019-10-16 17:40:55
CVE-2019-2960
2019-10-16 17:40:56
hackerone
hackerone
curl: Windows Privilege Escalation: Malicious OpenSSL Engine
2019-06-12 02:21:14
curl: curl on Windows can be forced to execute code via OpenSSL environment variables
2019-10-14 23:02:51
Internet Bug Bounty: Windows builds with insecure path defaults (CVE-2019-1552)
2019-08-28 00:18:59
redhatcve
redhatcve
CVE-2019-2924
2020-04-02 08:29:47
CVE-2019-2910
2019-11-10 20:55:57
CVE-2019-5443
2019-11-13 16:37:26
veracode
veracode
Denial Of Service (DoS)
2020-08-20 02:25:39
Information Disclosure
2020-08-20 02:25:37
Denial Of Service (DoS)
2020-08-20 02:25:41
symantec
symantec
curl CVE-2019-5443 Local Code Injection Vulnerability
2019-06-24 00:00:00
prion
prion
Code injection
2019-10-16 18:15:00
Design/Logic Flaw
2019-10-16 18:15:00
Code injection
2019-07-02 19:15:00
cvelist
cvelist
CVE-2019-2910
2019-10-16 17:40:54
CVE-2019-5443
2019-07-02 18:31:23
CVE-2019-2960
2019-10-16 17:40:56
ubuntucve
ubuntucve
CVE-2019-2910
2019-10-16 00:00:00
CVE-2019-2914
2019-10-16 00:00:00
CVE-2019-5443
2019-07-02 00:00:00
debiancve
debiancve
CVE-2019-5443
2019-07-02 19:15:10
CVE-2019-2974
2019-10-16 18:15:32
CVE-2019-2938
2019-10-16 18:15:29
alpinelinux
alpinelinux
CVE-2019-2974
2019-10-16 18:15:32
CVE-2019-2938
2019-10-16 18:15:29
mariadbunix
mariadbunix
CVE-2019-2974
2019-10-16 18:15:32
CVE-2019-2938
2019-10-16 18:15:29
postgresql
postgresql
Vulnerability in packaging (CVE-2019-10211)
2019-08-08 00:00:00
suse
suse
Security update for mariadb (moderate)
2019-12-22 00:00:00
f5
f5
K10771536 : MySQL vulnerabilities CVE-2017-3309, CVE-2017-3453, and CVE-2019-2974
2022-01-13 00:00:00
oraclelinux
oraclelinux
mariadb security and bug fix update
2020-10-06 00:00:00
mariadb:10.3 security, bug fix, and enhancement update
2020-12-18 00:00:00
almalinux
almalinux
Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-15 16:03:43
centos
centos
mariadb security update
2020-10-20 18:30:49
redhat
redhat
(RHSA-2020:4026) Moderate: mariadb security and bug fix update
2020-09-29 07:52:34
(RHSA-2020:5654) Important: mariadb:10.3 security, bug fix, and enhancement update
2020-12-22 08:27:07

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.9%

JSON
Related for CFOUNDRY:9B0DACFCC225E044603FC2A041DAD86C
nessus37amazon2openvas20photon3ubuntu2altlinux1mageia1freebsd1ibm4fedora2cve12osv19nvd12vulnrichment8hackerone3redhatcve12veracode7symantec1prion12cvelist12ubuntucve12debiancve3alpinelinux2mariadbunix2postgresql1suse1f51oraclelinux2almalinux1centos1redhat2