The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4174 advisory.
– mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)
– mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)
– mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)
– mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)
– mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)
– mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)
– mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)
– mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)
– mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)
– mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)
– mariadb-connector-c: Improper validation of content in an OK packet received from server (CVE-2020-13249)
– mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)
– mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752, CVE-2020-2922)
– mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760, CVE-2020-2814)
– mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)
– mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
CVSS2
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H