CVE-2019-2435 (GCVE-0-2019-2435)
Vulnerability from cvelistv5
- Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data.
Vendor | Product | Version
---|---|---
Oracle Corporation | MySQL Connectors | 8.0.13 and prior; 2.1.8 and prior
fkie_cve-2019-2435
Vulnerability from fkie_nvd
Source | URL | Tags
---|---|---
secalert_us@oracle.com | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00044.html |
secalert_us@oracle.com | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00053.html |
secalert_us@oracle.com | http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Vendor Advisory
secalert_us@oracle.com | http://www.securityfocus.com/bid/106616 | Third Party Advisory, VDB Entry
secalert_us@oracle.com | https://security.netapp.com/advisory/ntap-20190118-0002/ | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00044.html |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00053.html |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106616 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190118-0002/ | Third Party Advisory
Vendor | Product | Version
---|---|---
oracle | mysql_connectors | *
oracle | mysql_connectors | *
netapp | active_iq_unified_manager | *
netapp | active_iq_unified_manager | *
netapp | oncommand_workflow_automation | -
netapp | snapcenter | -
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7A856E6-6C03-4670-9829-58AF4A7851BF", "versionEndIncluding": "2.1.8", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAC8B0BE-A455-48E9-A6F2-294E52A5EB07", "versionEndIncluding": "8.0.13", "versionStartIncluding": "8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", "matchCriteriaId": "B64FC591-5854-4480-A6E2-5E953C2415B3", "versionStartIncluding": "9.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)." }, { "lang": "es", "value": "Vulnerabilidad en el componente MySQL Connectors de Oracle MySQL (subcomponente: Connector/Python). Las versiones compatibles que se han visto afectadas son la 8.0.13 y anteriores, y la 2.1.8 y anteriores. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red mediante TLS comprometa la seguridad de MySQL Connectors. Para que los ataques tengan \u00e9xito, se necesita la participaci\u00f3n de otra persona diferente del atacante. Los ataques exitosos a esta vulnerabilidad pueden resultar en el acceso no autorizado a la actualizaci\u00f3n, inserci\u00f3n o supresi\u00f3n de datos confidenciales o de todos los datos accesibles de MySQL Connectors, as\u00ed como el acceso sin autorizaci\u00f3n a datos confidenciales o todos los datos accesibles de MySQL Connectors. CVSS 3.0 Base Score 8.1 (impactos en la confidencialidad e integridad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)." 
} ], "id": "CVE-2019-2435", "lastModified": "2024-11-21T04:40:52.047", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-16T19:30:32.017", "references": [ { "source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00044.html" }, { "source": "secalert_us@oracle.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00053.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106616" }, { "source": "secalert_us@oracle.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00053.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106616" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" } ], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
opensuse-su-2024:11240-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "python36-mysql-connector-python-8.0.19-2.9 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the python36-mysql-connector-python-8.0.19-2.9 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-11240", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11240-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2016-5598 page", "url": "https://www.suse.com/security/cve/CVE-2016-5598/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-2435 page", "url": "https://www.suse.com/security/cve/CVE-2019-2435/" } ], "title": "python36-mysql-connector-python-8.0.19-2.9 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:11240-1", "initial_release_date": 
"2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "python36-mysql-connector-python-8.0.19-2.9.aarch64", "product": { "name": "python36-mysql-connector-python-8.0.19-2.9.aarch64", "product_id": "python36-mysql-connector-python-8.0.19-2.9.aarch64" } }, { "category": "product_version", "name": "python38-mysql-connector-python-8.0.19-2.9.aarch64", "product": { "name": "python38-mysql-connector-python-8.0.19-2.9.aarch64", "product_id": "python38-mysql-connector-python-8.0.19-2.9.aarch64" } }, { "category": "product_version", "name": "python39-mysql-connector-python-8.0.19-2.9.aarch64", "product": { "name": "python39-mysql-connector-python-8.0.19-2.9.aarch64", "product_id": "python39-mysql-connector-python-8.0.19-2.9.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "python36-mysql-connector-python-8.0.19-2.9.ppc64le", "product": { "name": "python36-mysql-connector-python-8.0.19-2.9.ppc64le", "product_id": "python36-mysql-connector-python-8.0.19-2.9.ppc64le" } }, { "category": "product_version", "name": "python38-mysql-connector-python-8.0.19-2.9.ppc64le", "product": { "name": "python38-mysql-connector-python-8.0.19-2.9.ppc64le", "product_id": "python38-mysql-connector-python-8.0.19-2.9.ppc64le" } }, { "category": "product_version", "name": "python39-mysql-connector-python-8.0.19-2.9.ppc64le", "product": { "name": "python39-mysql-connector-python-8.0.19-2.9.ppc64le", "product_id": "python39-mysql-connector-python-8.0.19-2.9.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "python36-mysql-connector-python-8.0.19-2.9.s390x", "product": { "name": "python36-mysql-connector-python-8.0.19-2.9.s390x", "product_id": 
"python36-mysql-connector-python-8.0.19-2.9.s390x" } }, { "category": "product_version", "name": "python38-mysql-connector-python-8.0.19-2.9.s390x", "product": { "name": "python38-mysql-connector-python-8.0.19-2.9.s390x", "product_id": "python38-mysql-connector-python-8.0.19-2.9.s390x" } }, { "category": "product_version", "name": "python39-mysql-connector-python-8.0.19-2.9.s390x", "product": { "name": "python39-mysql-connector-python-8.0.19-2.9.s390x", "product_id": "python39-mysql-connector-python-8.0.19-2.9.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "python36-mysql-connector-python-8.0.19-2.9.x86_64", "product": { "name": "python36-mysql-connector-python-8.0.19-2.9.x86_64", "product_id": "python36-mysql-connector-python-8.0.19-2.9.x86_64" } }, { "category": "product_version", "name": "python38-mysql-connector-python-8.0.19-2.9.x86_64", "product": { "name": "python38-mysql-connector-python-8.0.19-2.9.x86_64", "product_id": "python38-mysql-connector-python-8.0.19-2.9.x86_64" } }, { "category": "product_version", "name": "python39-mysql-connector-python-8.0.19-2.9.x86_64", "product": { "name": "python39-mysql-connector-python-8.0.19-2.9.x86_64", "product_id": "python39-mysql-connector-python-8.0.19-2.9.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python36-mysql-connector-python-8.0.19-2.9.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.aarch64" }, "product_reference": 
"python36-mysql-connector-python-8.0.19-2.9.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python36-mysql-connector-python-8.0.19-2.9.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.ppc64le" }, "product_reference": "python36-mysql-connector-python-8.0.19-2.9.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python36-mysql-connector-python-8.0.19-2.9.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.s390x" }, "product_reference": "python36-mysql-connector-python-8.0.19-2.9.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python36-mysql-connector-python-8.0.19-2.9.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.x86_64" }, "product_reference": "python36-mysql-connector-python-8.0.19-2.9.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python38-mysql-connector-python-8.0.19-2.9.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.aarch64" }, "product_reference": "python38-mysql-connector-python-8.0.19-2.9.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python38-mysql-connector-python-8.0.19-2.9.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.ppc64le" }, "product_reference": "python38-mysql-connector-python-8.0.19-2.9.ppc64le", "relates_to_product_reference": "openSUSE 
Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python38-mysql-connector-python-8.0.19-2.9.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.s390x" }, "product_reference": "python38-mysql-connector-python-8.0.19-2.9.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python38-mysql-connector-python-8.0.19-2.9.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.x86_64" }, "product_reference": "python38-mysql-connector-python-8.0.19-2.9.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python39-mysql-connector-python-8.0.19-2.9.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.aarch64" }, "product_reference": "python39-mysql-connector-python-8.0.19-2.9.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python39-mysql-connector-python-8.0.19-2.9.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.ppc64le" }, "product_reference": "python39-mysql-connector-python-8.0.19-2.9.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python39-mysql-connector-python-8.0.19-2.9.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.s390x" }, "product_reference": "python39-mysql-connector-python-8.0.19-2.9.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": 
"python39-mysql-connector-python-8.0.19-2.9.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.x86_64" }, "product_reference": "python39-mysql-connector-python-8.0.19-2.9.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-5598", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-5598" } ], "notes": [ { "category": "general", "text": "Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-5598", "url": "https://www.suse.com/security/cve/CVE-2016-5598" }, { "category": "external", "summary": "SUSE Bug 1005559 for CVE-2016-5598", "url": "https://bugzilla.suse.com/1005559" } ], "remediations": [ { "category": "vendor_fix", 
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE 
Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-5598" }, { "cve": "CVE-2019-2435", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-2435" } ], "notes": [ { "category": "general", "text": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-2435", "url": "https://www.suse.com/security/cve/CVE-2019-2435" }, { "category": "external", "summary": "SUSE Bug 1122198 for CVE-2019-2435", "url": "https://bugzilla.suse.com/1122198" }, { "category": "external", "summary": "SUSE Bug 1122204 for CVE-2019-2435", "url": "https://bugzilla.suse.com/1122204" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE 
Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python36-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python38-mysql-connector-python-8.0.19-2.9.x86_64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.aarch64", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.ppc64le", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.s390x", "openSUSE Tumbleweed:python39-mysql-connector-python-8.0.19-2.9.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2019-2435" } ] }
opensuse-su-2020:0409-1
Vulnerability from csaf_opensuse
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for python-mysql-connector-python", "title": "Title of the patch" }, { "category": "description", "text": "This update for python-mysql-connector-python fixes the following issues:\n\npython-mysql-connector-python was updated to 8.0.19 (boo#1122204 - CVE-2019-2435):\n\n- WL#13531: Remove xplugin namespace\n- WL#13372: DNS SRV support\n- WL#12738: Specify TLS ciphers to be used by a client or session\n- BUG#30270760: Fix reserved filed should have a length of 22\n- BUG#29417117: Close file in handle load data infile\n- WL#13330: Single C/Python (Win) MSI installer\n- WL#13335: Connectors should handle expired password sandbox without SET operations\n- WL#13194: Add support for Python 3.8\n- BUG#29909157: Table scans of floats causes memory leak with the C extension\n- BUG#25349794: Add read_default_file alias for option_files in connect()\n- WL#13155: Support new utf8mb4 bin collation\n- WL#12737: Add overlaps and not_overlaps as operator\n- WL#12735: Add README.rst and CONTRIBUTING.rst files\n- WL#12227: Indexing array fields\n- WL#12085: Support cursor prepared statements with C extension\n- BUG#29855733: Fix error during connection using charset and collation combination\n- BUG#29833590: Calling execute() should fetch active results\n- BUG#21072758: Support for connection attributes classic\n- WL#12864: Upgrade of Protobuf version to 3.6.1\n- WL#12863: Drop support for Django versions older than 1.11\n- WL#12489: Support new session reset functionality\n- WL#12488: Support for session-connect-attributes\n- WL#12297: Expose metadata about the source and binaries\n- 
WL#12225: Prepared statement support\n- BUG#29324966: Add missing username connection argument for driver compatibility\n- BUG#29278489: Fix wrong user and group for Solaris packages\n- BUG#29001628: Fix access by column label in Table.select()\n- BUG#28479054: Fix Python interpreter crash due to memory corruption\n- BUG#27897881: Empty LONG BLOB throws an IndexError\n- BUG#29260128: Disable load data local infile by default\n- WL#12607: Handling of Default Schema\n- WL#12493: Standardize count method\n- WL#12492: Be prepared for initial notice on connection\n- BUG#28646344: Remove expression parsing on values\n- BUG#28280321: Fix segmentation fault when using unicode characters in tables\n- BUG#27794178: Using use_pure=False should raise an error if cext is not available\n- BUG#27434751: Add a TLS/SSL option to verify server name\n- WL#12239: Add support for Python 3.7\n- WL#12226: Implement connect timeout\n- WL#11897: Implement connection pooling for xprotocol\n- BUG#28278352: C extension mysqlx Collection.add() leaks memory in sequential calls\n- BUG#28037275: Missing bind parameters causes segfault or unclear error message\n- BUG#27528819: Support special characters in the user and password using URI\n- WL#11951: Consolidate discrepancies between pure and c extension\n- WL#11932: Remove Fabric support\n- WL#11898: Core API v1 alignment\n- BUG#28188883: Use utf8mb4 as the default character set\n- BUG#28133321: Fix incorrect columns names representing aggregate functions\n- BUG#27962293: Fix Django 2.0 and MySQL 8.0 compatibility issues\n- BUG#27567999: Fix wrong docstring in ModifyStatement.patch()\n- BUG#27277937: Fix confusing error message when using an unsupported collation\n- BUG#26834200: Deprecate Row.get_string() method\n- BUG#26660624: Fix missing install option in documentation\n- WL#11668: Add SHA256_MEMORY authentication mechanism\n- WL#11614: Enable C extension by default\n- WL#11448: New document _id generation support\n- WL#11282: Support new 
locking modes NOWAIT and SKIP LOCKED\n- BUG#27639119: Use a list of dictionaries to store warnings\n- BUG#27634885: Update error codes for MySQL 8.0.11\n- BUG#27589450: Remove upsert functionality from WriteStatement class\n- BUG#27528842: Fix internal queries open for SQL injection\n- BUG#27364914: Cursor prepared statements do not convert strings\n- BUG#24953913: Fix failing unittests\n- BUG#24948205: Results from JSON_TYPE() are returned as bytearray\n- BUG#24948186: JSON type results are bytearray instead of corresponding python type\n- WL#11372: Remove configuration API\n- WL#11303: Remove CreateTable and CreateView\n- WL#11281: Transaction savepoints\n- WL#11278: Collection.create_index\n- WL#11149: Create Pylint test for mysqlx\n- WL#11142: Modify/MergePatch\n- WL#11079: Add support for Python 3.6\n- WL#11073: Add caching_sha2_password authentication plugin\n- WL#10975: Add Single document operations\n- WL#10974: Add Row locking methods to find and select operations\n- WL#10973: Allow JSON types as operands for IN operator\n- WL#10899: Add support for pure Python implementation of Protobuf\n- WL#10771: Add SHA256 authentication\n- WL#10053: Configuration handling interface\n- WL#10772: Cleanup Drop APIs\n- WL#10770: Ensure all Session connections are secure by default\n- WL#10754: Forbid modify() and remove() with no condition\n- WL#10659: Support utf8mb4 as default charset\n- WL#10658: Remove concept of NodeSession\n- WL#10657: Move version number to 8.0\n- WL#10198: Add Protobuf C++ extension implementation\n- WL#10004: Document UUID generation\n- BUG#26175003: Fix Session.sql() when using unicode SQL statements with Python 2.7\n- BUG#26161838: Dropping an non-existing index should succeed silently\n- BUG#26160876: Fix issue when using empty condition in Collection.remove() and Table.delete()\n- BUG#26029811: Improve error thrown when using an invalid parameter in bind()\n- BUG#25991574: Fix Collection.remove() and Table.delete() missing filters\n- 
WL#10452: Add Protobuf C++ extension for Linux variants and Mac OSX\n- WL#10081: DevAPI: IPv6 support\n- BUG#25614860: Fix defined_as method in the view creation\n- BUG#25519251: SelectStatement does not implement order_by() method\n- BUG#25436568: Update available operators for XPlugin\n- BUG#24954006: Add missing items in CHANGES.txt\n- BUG#24578507: Fix import error using Python 2.6\n- BUG#23636962: Fix improper error message when creating a Session\n- BUG#23568207: Fix default aliases for projection fields\n- BUG#23567724: Fix operator names\n- DevAPI: Schema.create_table\n- DevAPI: Flexible Parameter Lists\n- DevAPI: New transports: Unix domain socket\n- DevAPI: Core TLS/SSL options for the mysqlx URI scheme\n- DevAPI: View DDL with support for partitioning in a cluster / sharding\n- BUG#24520850: Fix unexpected behavior when using an empty collection name\n- Add support for Protocol Buffers 3\n- Add View support (without DDL)\n- Implement get_default_schema() method in BaseSchema\n- DevAPI: Per ReplicaSet SQL execution\n- DevAPI: XSession accepts a list of routers\n- DevAPI: Define action on adding empty list of documents\n- BUG#23729357: Fix fetching BIT datatype\n- BUG#23583381: Add who_am_i and am_i_real methods to DatabaseObject\n- BUG#23568257: Add fetch_one method to mysqlx.result\n- BUG#23550743: Add close method to XSession and NodeSession\n- BUG#23550057: Add support for URI as connection data\n- Provide initial implementation of new DevAPI\n", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2020-409", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": 
"external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0409-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2020:0409-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7EPWI4SM76BPD53VHMZPCFUGXZWY22KL/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2020:0409-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/7EPWI4SM76BPD53VHMZPCFUGXZWY22KL/" }, { "category": "self", "summary": "SUSE Bug 1122204", "url": "https://bugzilla.suse.com/1122204" }, { "category": "self", "summary": "SUSE CVE CVE-2019-2435 page", "url": "https://www.suse.com/security/cve/CVE-2019-2435/" } ], "title": "Security update for python-mysql-connector-python", "tracking": { "current_release_date": "2020-03-29T18:17:01Z", "generator": { "date": "2020-03-29T18:17:01Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2020:0409-1", "initial_release_date": "2020-03-29T18:17:01Z", "revision_history": [ { "date": "2020-03-29T18:17:01Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "python2-mysql-connector-python-8.0.19-lp151.3.3.1.noarch", "product": { "name": "python2-mysql-connector-python-8.0.19-lp151.3.3.1.noarch", "product_id": "python2-mysql-connector-python-8.0.19-lp151.3.3.1.noarch" } }, { "category": "product_version", "name": "python3-mysql-connector-python-8.0.19-lp151.3.3.1.noarch", "product": { "name": "python3-mysql-connector-python-8.0.19-lp151.3.3.1.noarch", "product_id": "python3-mysql-connector-python-8.0.19-lp151.3.3.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { 
"branches": [ { "category": "product_name", "name": "openSUSE Leap 15.1", "product": { "name": "openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python2-mysql-connector-python-8.0.19-lp151.3.3.1.noarch as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:python2-mysql-connector-python-8.0.19-lp151.3.3.1.noarch" }, "product_reference": "python2-mysql-connector-python-8.0.19-lp151.3.3.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "python3-mysql-connector-python-8.0.19-lp151.3.3.1.noarch as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:python3-mysql-connector-python-8.0.19-lp151.3.3.1.noarch" }, "product_reference": "python3-mysql-connector-python-8.0.19-lp151.3.3.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-2435", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-2435" } ], "notes": [ { "category": "general", "text": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.1:python2-mysql-connector-python-8.0.19-lp151.3.3.1.noarch", "openSUSE Leap 15.1:python3-mysql-connector-python-8.0.19-lp151.3.3.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2019-2435", "url": "https://www.suse.com/security/cve/CVE-2019-2435" }, { "category": "external", "summary": "SUSE Bug 1122198 for CVE-2019-2435", "url": "https://bugzilla.suse.com/1122198" }, { "category": "external", "summary": "SUSE Bug 1122204 for CVE-2019-2435", "url": "https://bugzilla.suse.com/1122204" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.1:python2-mysql-connector-python-8.0.19-lp151.3.3.1.noarch", "openSUSE Leap 15.1:python3-mysql-connector-python-8.0.19-lp151.3.3.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Leap 15.1:python2-mysql-connector-python-8.0.19-lp151.3.3.1.noarch", "openSUSE Leap 15.1:python3-mysql-connector-python-8.0.19-lp151.3.3.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2020-03-29T18:17:01Z", "details": "moderate" } ], "title": "CVE-2019-2435" } ] }
opensuse-su-2020:0430-1
Vulnerability from csaf_opensuse
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for python-mysql-connector-python", "title": "Title of the patch" }, { "category": "description", "text": "This update for python-mysql-connector-python fixes the following issues:\n\npython-mysql-connector-python was updated to 8.0.19 (boo#1122204 - CVE-2019-2435):\n\n- WL#13531: Remove xplugin namespace\n- WL#13372: DNS SRV support\n- WL#12738: Specify TLS ciphers to be used by a client or session\n- BUG#30270760: Fix reserved filed should have a length of 22\n- BUG#29417117: Close file in handle load data infile\n- WL#13330: Single C/Python (Win) MSI installer\n- WL#13335: Connectors should handle expired password sandbox without SET operations\n- WL#13194: Add support for Python 3.8\n- BUG#29909157: Table scans of floats causes memory leak with the C extension\n- BUG#25349794: Add read_default_file alias for option_files in connect()\n- WL#13155: Support new utf8mb4 bin collation\n- WL#12737: Add overlaps and not_overlaps as operator\n- WL#12735: Add README.rst and CONTRIBUTING.rst files\n- WL#12227: Indexing array fields\n- WL#12085: Support cursor prepared statements with C extension\n- BUG#29855733: Fix error during connection using charset and collation combination\n- BUG#29833590: Calling execute() should fetch active results\n- BUG#21072758: Support for connection attributes classic\n- WL#12864: Upgrade of Protobuf version to 3.6.1\n- WL#12863: Drop support for Django versions older than 1.11\n- WL#12489: Support new session reset functionality\n- WL#12488: Support for session-connect-attributes\n- WL#12297: Expose metadata about the source and binaries\n- 
WL#12225: Prepared statement support\n- BUG#29324966: Add missing username connection argument for driver compatibility\n- BUG#29278489: Fix wrong user and group for Solaris packages\n- BUG#29001628: Fix access by column label in Table.select()\n- BUG#28479054: Fix Python interpreter crash due to memory corruption\n- BUG#27897881: Empty LONG BLOB throws an IndexError\n- BUG#29260128: Disable load data local infile by default\n- WL#12607: Handling of Default Schema\n- WL#12493: Standardize count method\n- WL#12492: Be prepared for initial notice on connection\n- BUG#28646344: Remove expression parsing on values\n- BUG#28280321: Fix segmentation fault when using unicode characters in tables\n- BUG#27794178: Using use_pure=False should raise an error if cext is not available\n- BUG#27434751: Add a TLS/SSL option to verify server name\n- WL#12239: Add support for Python 3.7\n- WL#12226: Implement connect timeout\n- WL#11897: Implement connection pooling for xprotocol\n- BUG#28278352: C extension mysqlx Collection.add() leaks memory in sequential calls\n- BUG#28037275: Missing bind parameters causes segfault or unclear error message\n- BUG#27528819: Support special characters in the user and password using URI\n- WL#11951: Consolidate discrepancies between pure and c extension\n- WL#11932: Remove Fabric support\n- WL#11898: Core API v1 alignment\n- BUG#28188883: Use utf8mb4 as the default character set\n- BUG#28133321: Fix incorrect columns names representing aggregate functions\n- BUG#27962293: Fix Django 2.0 and MySQL 8.0 compatibility issues\n- BUG#27567999: Fix wrong docstring in ModifyStatement.patch()\n- BUG#27277937: Fix confusing error message when using an unsupported collation\n- BUG#26834200: Deprecate Row.get_string() method\n- BUG#26660624: Fix missing install option in documentation\n- WL#11668: Add SHA256_MEMORY authentication mechanism\n- WL#11614: Enable C extension by default\n- WL#11448: New document _id generation support\n- WL#11282: Support new 
locking modes NOWAIT and SKIP LOCKED\n- BUG#27639119: Use a list of dictionaries to store warnings\n- BUG#27634885: Update error codes for MySQL 8.0.11\n- BUG#27589450: Remove upsert functionality from WriteStatement class\n- BUG#27528842: Fix internal queries open for SQL injection\n- BUG#27364914: Cursor prepared statements do not convert strings\n- BUG#24953913: Fix failing unittests\n- BUG#24948205: Results from JSON_TYPE() are returned as bytearray\n- BUG#24948186: JSON type results are bytearray instead of corresponding python type\n- WL#11372: Remove configuration API\n- WL#11303: Remove CreateTable and CreateView\n- WL#11281: Transaction savepoints\n- WL#11278: Collection.create_index\n- WL#11149: Create Pylint test for mysqlx\n- WL#11142: Modify/MergePatch\n- WL#11079: Add support for Python 3.6\n- WL#11073: Add caching_sha2_password authentication plugin\n- WL#10975: Add Single document operations\n- WL#10974: Add Row locking methods to find and select operations\n- WL#10973: Allow JSON types as operands for IN operator\n- WL#10899: Add support for pure Python implementation of Protobuf\n- WL#10771: Add SHA256 authentication\n- WL#10053: Configuration handling interface\n- WL#10772: Cleanup Drop APIs\n- WL#10770: Ensure all Session connections are secure by default\n- WL#10754: Forbid modify() and remove() with no condition\n- WL#10659: Support utf8mb4 as default charset\n- WL#10658: Remove concept of NodeSession\n- WL#10657: Move version number to 8.0\n- WL#10198: Add Protobuf C++ extension implementation\n- WL#10004: Document UUID generation\n- BUG#26175003: Fix Session.sql() when using unicode SQL statements with Python 2.7\n- BUG#26161838: Dropping an non-existing index should succeed silently\n- BUG#26160876: Fix issue when using empty condition in Collection.remove() and Table.delete()\n- BUG#26029811: Improve error thrown when using an invalid parameter in bind()\n- BUG#25991574: Fix Collection.remove() and Table.delete() missing filters\n- 
WL#10452: Add Protobuf C++ extension for Linux variants and Mac OSX\n- WL#10081: DevAPI: IPv6 support\n- BUG#25614860: Fix defined_as method in the view creation\n- BUG#25519251: SelectStatement does not implement order_by() method\n- BUG#25436568: Update available operators for XPlugin\n- BUG#24954006: Add missing items in CHANGES.txt\n- BUG#24578507: Fix import error using Python 2.6\n- BUG#23636962: Fix improper error message when creating a Session\n- BUG#23568207: Fix default aliases for projection fields\n- BUG#23567724: Fix operator names\n- DevAPI: Schema.create_table\n- DevAPI: Flexible Parameter Lists\n- DevAPI: New transports: Unix domain socket\n- DevAPI: Core TLS/SSL options for the mysqlx URI scheme\n- DevAPI: View DDL with support for partitioning in a cluster / sharding\n- BUG#24520850: Fix unexpected behavior when using an empty collection name\n- Add support for Protocol Buffers 3\n- Add View support (without DDL)\n- Implement get_default_schema() method in BaseSchema\n- DevAPI: Per ReplicaSet SQL execution\n- DevAPI: XSession accepts a list of routers\n- DevAPI: Define action on adding empty list of documents\n- BUG#23729357: Fix fetching BIT datatype\n- BUG#23583381: Add who_am_i and am_i_real methods to DatabaseObject\n- BUG#23568257: Add fetch_one method to mysqlx.result\n- BUG#23550743: Add close method to XSession and NodeSession\n- BUG#23550057: Add support for URI as connection data\n- Provide initial implementation of new DevAPI\n\nThis update was imported from the openSUSE:Leap:15.1:Update update project.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2020-430", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", 
"namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0430-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2020:0430-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4BTZEAGRVVQSZKISXELKWD2G6WKZMR2L/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2020:0430-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4BTZEAGRVVQSZKISXELKWD2G6WKZMR2L/" }, { "category": "self", "summary": "SUSE Bug 1122204", "url": "https://bugzilla.suse.com/1122204" }, { "category": "self", "summary": "SUSE CVE CVE-2019-2435 page", "url": "https://www.suse.com/security/cve/CVE-2019-2435/" } ], "title": "Security update for python-mysql-connector-python", "tracking": { "current_release_date": "2020-03-31T13:08:06Z", "generator": { "date": "2020-03-31T13:08:06Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2020:0430-1", "initial_release_date": "2020-03-31T13:08:06Z", "revision_history": [ { "date": "2020-03-31T13:08:06Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "python2-mysql-connector-python-8.0.19-bp151.4.3.1.noarch", "product": { "name": "python2-mysql-connector-python-8.0.19-bp151.4.3.1.noarch", "product_id": "python2-mysql-connector-python-8.0.19-bp151.4.3.1.noarch" } }, { "category": "product_version", "name": "python3-mysql-connector-python-8.0.19-bp151.4.3.1.noarch", "product": { "name": "python3-mysql-connector-python-8.0.19-bp151.4.3.1.noarch", "product_id": 
"python3-mysql-connector-python-8.0.19-bp151.4.3.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_name", "name": "SUSE Package Hub 15 SP1", "product": { "name": "SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1" } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python2-mysql-connector-python-8.0.19-bp151.4.3.1.noarch as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:python2-mysql-connector-python-8.0.19-bp151.4.3.1.noarch" }, "product_reference": "python2-mysql-connector-python-8.0.19-bp151.4.3.1.noarch", "relates_to_product_reference": "SUSE Package Hub 15 SP1" }, { "category": "default_component_of", "full_product_name": { "name": "python3-mysql-connector-python-8.0.19-bp151.4.3.1.noarch as component of SUSE Package Hub 15 SP1", "product_id": "SUSE Package Hub 15 SP1:python3-mysql-connector-python-8.0.19-bp151.4.3.1.noarch" }, "product_reference": "python3-mysql-connector-python-8.0.19-bp151.4.3.1.noarch", "relates_to_product_reference": "SUSE Package Hub 15 SP1" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-2435", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-2435" } ], "notes": [ { "category": "general", "text": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Package Hub 15 SP1:python2-mysql-connector-python-8.0.19-bp151.4.3.1.noarch", "SUSE Package Hub 15 SP1:python3-mysql-connector-python-8.0.19-bp151.4.3.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2019-2435", "url": "https://www.suse.com/security/cve/CVE-2019-2435" }, { "category": "external", "summary": "SUSE Bug 1122198 for CVE-2019-2435", "url": "https://bugzilla.suse.com/1122198" }, { "category": "external", "summary": "SUSE Bug 1122204 for CVE-2019-2435", "url": "https://bugzilla.suse.com/1122204" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Package Hub 15 SP1:python2-mysql-connector-python-8.0.19-bp151.4.3.1.noarch", "SUSE Package Hub 15 SP1:python3-mysql-connector-python-8.0.19-bp151.4.3.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "SUSE Package Hub 15 SP1:python2-mysql-connector-python-8.0.19-bp151.4.3.1.noarch", "SUSE Package Hub 15 SP1:python3-mysql-connector-python-8.0.19-bp151.4.3.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2020-03-31T13:08:06Z", "details": "moderate" } ], "title": "CVE-2019-2435" } ] }
opensuse-su-2024:14149-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "python310-mysql-connector-python-8.2.0-1.5 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the python310-mysql-connector-python-8.2.0-1.5 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-14149", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14149-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2016-5598 page", "url": "https://www.suse.com/security/cve/CVE-2016-5598/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-2435 page", "url": "https://www.suse.com/security/cve/CVE-2019-2435/" } ], "title": "python310-mysql-connector-python-8.2.0-1.5 on GA media", "tracking": { "current_release_date": "2024-07-12T00:00:00Z", "generator": { "date": "2024-07-12T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:14149-1", "initial_release_date": 
"2024-07-12T00:00:00Z", "revision_history": [ { "date": "2024-07-12T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "python310-mysql-connector-python-8.2.0-1.5.aarch64", "product": { "name": "python310-mysql-connector-python-8.2.0-1.5.aarch64", "product_id": "python310-mysql-connector-python-8.2.0-1.5.aarch64" } }, { "category": "product_version", "name": "python311-mysql-connector-python-8.2.0-1.5.aarch64", "product": { "name": "python311-mysql-connector-python-8.2.0-1.5.aarch64", "product_id": "python311-mysql-connector-python-8.2.0-1.5.aarch64" } }, { "category": "product_version", "name": "python312-mysql-connector-python-8.2.0-1.5.aarch64", "product": { "name": "python312-mysql-connector-python-8.2.0-1.5.aarch64", "product_id": "python312-mysql-connector-python-8.2.0-1.5.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "python310-mysql-connector-python-8.2.0-1.5.ppc64le", "product": { "name": "python310-mysql-connector-python-8.2.0-1.5.ppc64le", "product_id": "python310-mysql-connector-python-8.2.0-1.5.ppc64le" } }, { "category": "product_version", "name": "python311-mysql-connector-python-8.2.0-1.5.ppc64le", "product": { "name": "python311-mysql-connector-python-8.2.0-1.5.ppc64le", "product_id": "python311-mysql-connector-python-8.2.0-1.5.ppc64le" } }, { "category": "product_version", "name": "python312-mysql-connector-python-8.2.0-1.5.ppc64le", "product": { "name": "python312-mysql-connector-python-8.2.0-1.5.ppc64le", "product_id": "python312-mysql-connector-python-8.2.0-1.5.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "python310-mysql-connector-python-8.2.0-1.5.s390x", "product": { "name": "python310-mysql-connector-python-8.2.0-1.5.s390x", "product_id": 
"python310-mysql-connector-python-8.2.0-1.5.s390x" } }, { "category": "product_version", "name": "python311-mysql-connector-python-8.2.0-1.5.s390x", "product": { "name": "python311-mysql-connector-python-8.2.0-1.5.s390x", "product_id": "python311-mysql-connector-python-8.2.0-1.5.s390x" } }, { "category": "product_version", "name": "python312-mysql-connector-python-8.2.0-1.5.s390x", "product": { "name": "python312-mysql-connector-python-8.2.0-1.5.s390x", "product_id": "python312-mysql-connector-python-8.2.0-1.5.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "python310-mysql-connector-python-8.2.0-1.5.x86_64", "product": { "name": "python310-mysql-connector-python-8.2.0-1.5.x86_64", "product_id": "python310-mysql-connector-python-8.2.0-1.5.x86_64" } }, { "category": "product_version", "name": "python311-mysql-connector-python-8.2.0-1.5.x86_64", "product": { "name": "python311-mysql-connector-python-8.2.0-1.5.x86_64", "product_id": "python311-mysql-connector-python-8.2.0-1.5.x86_64" } }, { "category": "product_version", "name": "python312-mysql-connector-python-8.2.0-1.5.x86_64", "product": { "name": "python312-mysql-connector-python-8.2.0-1.5.x86_64", "product_id": "python312-mysql-connector-python-8.2.0-1.5.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python310-mysql-connector-python-8.2.0-1.5.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.aarch64" }, "product_reference": 
"python310-mysql-connector-python-8.2.0-1.5.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python310-mysql-connector-python-8.2.0-1.5.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.ppc64le" }, "product_reference": "python310-mysql-connector-python-8.2.0-1.5.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python310-mysql-connector-python-8.2.0-1.5.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.s390x" }, "product_reference": "python310-mysql-connector-python-8.2.0-1.5.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python310-mysql-connector-python-8.2.0-1.5.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.x86_64" }, "product_reference": "python310-mysql-connector-python-8.2.0-1.5.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python311-mysql-connector-python-8.2.0-1.5.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.aarch64" }, "product_reference": "python311-mysql-connector-python-8.2.0-1.5.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python311-mysql-connector-python-8.2.0-1.5.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.ppc64le" }, "product_reference": "python311-mysql-connector-python-8.2.0-1.5.ppc64le", "relates_to_product_reference": "openSUSE 
Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python311-mysql-connector-python-8.2.0-1.5.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.s390x" }, "product_reference": "python311-mysql-connector-python-8.2.0-1.5.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python311-mysql-connector-python-8.2.0-1.5.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.x86_64" }, "product_reference": "python311-mysql-connector-python-8.2.0-1.5.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python312-mysql-connector-python-8.2.0-1.5.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.aarch64" }, "product_reference": "python312-mysql-connector-python-8.2.0-1.5.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python312-mysql-connector-python-8.2.0-1.5.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.ppc64le" }, "product_reference": "python312-mysql-connector-python-8.2.0-1.5.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "python312-mysql-connector-python-8.2.0-1.5.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.s390x" }, "product_reference": "python312-mysql-connector-python-8.2.0-1.5.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": 
"python312-mysql-connector-python-8.2.0-1.5.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.x86_64" }, "product_reference": "python312-mysql-connector-python-8.2.0-1.5.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-5598", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-5598" } ], "notes": [ { "category": "general", "text": "Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-5598", "url": "https://www.suse.com/security/cve/CVE-2016-5598" }, { "category": "external", "summary": "SUSE Bug 1005559 for CVE-2016-5598", "url": "https://bugzilla.suse.com/1005559" } ], "remediations": [ { "category": "vendor_fix", 
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE 
Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-07-12T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-5598" }, { "cve": "CVE-2019-2435", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-2435" } ], "notes": [ { "category": "general", "text": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-2435", "url": "https://www.suse.com/security/cve/CVE-2019-2435" }, { "category": "external", "summary": "SUSE Bug 1122198 for CVE-2019-2435", "url": "https://bugzilla.suse.com/1122198" }, { "category": "external", "summary": "SUSE Bug 1122204 for CVE-2019-2435", "url": "https://bugzilla.suse.com/1122204" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE 
Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python310-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python311-mysql-connector-python-8.2.0-1.5.x86_64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.aarch64", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.ppc64le", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.s390x", "openSUSE Tumbleweed:python312-mysql-connector-python-8.2.0-1.5.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-07-12T00:00:00Z", "details": "moderate" } ], "title": "CVE-2019-2435" } ] }
CERTFR-2022-AVI-916
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Juniper products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description | ||
---|---|---|---|---|
Juniper Networks | N/A | Contrail Networking versions prior to R22.3 | ||
Juniper Networks | N/A | Paragon Active Assurance (formerly Netrounds) versions prior to 3.1.1 | ||
Juniper Networks | Junos Space | Junos Space versions prior to 22.2R1 | ||
Juniper Networks | Junos OS Evolved | Junos OS Evolved versions prior to 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO and 22.1R1-EVO | ||
Juniper Networks | N/A | Contrail Networking versions prior to 2011.L5 | ||
Juniper Networks | N/A | Steel Belted Radius Carrier Edition versions prior to 8.6.0R16 | ||
Juniper Networks | Junos OS | Junos OS versions prior to 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 
20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 and 22.2R1 | ||
Juniper Networks | Session Smart Router | Session Smart Router versions prior to 5.4.7 | ||
Juniper Networks | Session Smart Router | Session Smart Router versions 5.5.x prior to 5.5.3 | ||
Juniper Networks | N/A | Paragon Active Assurance (formerly Netrounds) versions 3.2.x prior to 3.2.1 |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Contrail Networking versions ant\u00e9rieures \u00e0 R22.3", "product": { "name": "N/A", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Paragon Active Assurance (anciennement Netrounds) versions ant\u00e9rieures \u00e0 3.1.1", "product": { "name": "N/A", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos Space versions ant\u00e9rieures \u00e0 22.2R1", "product": { "name": "Junos Space", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO", "product": { "name": "Junos OS Evolved", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Contrail Networking versions ant\u00e9rieures \u00e0 2011.L5", "product": { "name": "N/A", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Steel Belted Radius Carrier Edition versions 
ant\u00e9rieures \u00e0 8.6.0R16", "product": { "name": "N/A", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS versions ant\u00e9rieures \u00e0 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 
19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1", "product": { "name": "Junos OS", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Session Smart Router versions ant\u00e9rieures \u00e0 5.4.7", "product": { "name": "Session Smart Router", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Session Smart Router versions 5.5.x ant\u00e9rieures \u00e0 5.5.3", "product": { "name": "Session Smart Router", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Paragon Active Assurance (anciennement Netrounds) versions 3.2.x ant\u00e9rieures \u00e0 3.2.1", "product": { "name": "N/A", "vendor": { "name": "Juniper Networks", "scada": false } } } ], "affected_systems_content": "", "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2022-1343", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343" }, { "name": "CVE-2022-22243", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22243" }, { "name": "CVE-2022-1473", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473" }, { "name": "CVE-2020-25710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25710" }, { "name": "CVE-2021-45960", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960" }, { "name": "CVE-2022-24407", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24407" }, { "name": "CVE-2021-35586", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35586" }, { "name": "CVE-2022-22238", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22238" }, { "name": "CVE-2022-22249", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22249" }, { "name": "CVE-2021-35550", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550" }, { "name": "CVE-2022-22227", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22227" }, { "name": "CVE-2016-0701", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0701" }, { "name": "CVE-2021-25220", "url": "https://www.cve.org/CVERecord?id=CVE-2021-25220" }, { "name": "CVE-2021-35567", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35567" }, { "name": "CVE-2021-31535", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31535" }, { "name": "CVE-2021-42574", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42574" }, { "name": "CVE-2020-27777", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27777" }, { "name": "CVE-2022-22208", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22208" }, { "name": "CVE-2022-1292", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292" }, { "name": "CVE-2017-5929", "url": "https://www.cve.org/CVERecord?id=CVE-2017-5929" }, { "name": "CVE-2022-22218", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22218" }, { "name": "CVE-2021-20271", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20271" }, { "name": "CVE-2022-22823", "url": 
"https://www.cve.org/CVERecord?id=CVE-2022-22823" }, { "name": "CVE-2022-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22201" }, { "name": "CVE-2020-0466", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0466" }, { "name": "CVE-2021-42771", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42771" }, { "name": "CVE-2021-29154", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29154" }, { "name": "CVE-2018-20532", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20532" }, { "name": "CVE-2022-22246", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22246" }, { "name": "CVE-2007-6755", "url": "https://www.cve.org/CVERecord?id=CVE-2007-6755" }, { "name": "CVE-2020-29661", "url": "https://www.cve.org/CVERecord?id=CVE-2020-29661" }, { "name": "CVE-2022-22250", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22250" }, { "name": "CVE-2022-22192", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22192" }, { "name": "CVE-2019-12735", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12735" }, { "name": "CVE-2022-22239", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22239" }, { "name": "CVE-2022-25315", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315" }, { "name": "CVE-2022-22822", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822" }, { "name": "CVE-2022-22241", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22241" }, { "name": "CVE-2020-25212", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25212" }, { "name": "CVE-2019-2435", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2435" }, { "name": "CVE-2021-27363", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27363" }, { "name": "CVE-2022-22226", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22226" }, { "name": "CVE-2015-9262", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9262" }, { "name": "CVE-2021-4160", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4160" }, { "name": "CVE-2020-24394", "url": "https://www.cve.org/CVERecord?id=CVE-2020-24394" }, { "name": 
"CVE-2021-35559", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35559" }, { "name": "CVE-2021-3573", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573" }, { "name": "CVE-2019-19532", "url": "https://www.cve.org/CVERecord?id=CVE-2019-19532" }, { "name": "CVE-2020-14314", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314" }, { "name": "CVE-2021-27364", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27364" }, { "name": "CVE-2021-35565", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35565" }, { "name": "CVE-2022-22229", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22229" }, { "name": "CVE-2018-20534", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20534" }, { "name": "CVE-2016-4658", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658" }, { "name": "CVE-2021-35603", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603" }, { "name": "CVE-2021-28165", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165" }, { "name": "CVE-2022-23852", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852" }, { "name": "CVE-2022-22225", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22225" }, { "name": "CVE-2020-12364", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12364" }, { "name": "CVE-2022-22825", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825" }, { "name": "CVE-2021-3711", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711" }, { "name": "CVE-2022-22245", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22245" }, { "name": "CVE-2022-25314", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25314" }, { "name": "CVE-2022-0330", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0330" }, { "name": "CVE-2022-23990", "url": "https://www.cve.org/CVERecord?id=CVE-2022-23990" }, { "name": "CVE-2019-1543", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1543" }, { "name": "CVE-2018-10689", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10689" }, { "name": "CVE-2016-2124", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2124" 
}, { "name": "CVE-2021-27365", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27365" }, { "name": "CVE-2020-8648", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8648" }, { "name": "CVE-2022-25235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235" }, { "name": "CVE-2020-27170", "url": "https://www.cve.org/CVERecord?id=CVE-2020-27170" }, { "name": "CVE-2020-25705", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25705" }, { "name": "CVE-2018-25032", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032" }, { "name": "CVE-2022-0847", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0847" }, { "name": "CVE-2020-14385", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14385" }, { "name": "CVE-2022-22232", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22232" }, { "name": "CVE-2019-18282", "url": "https://www.cve.org/CVERecord?id=CVE-2019-18282" }, { "name": "CVE-2020-12321", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12321" }, { "name": "CVE-2022-22240", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22240" }, { "name": "CVE-2021-46143", "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143" }, { "name": "CVE-2019-20811", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20811" }, { "name": "CVE-2020-12363", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12363" }, { "name": "CVE-2021-43527", "url": "https://www.cve.org/CVERecord?id=CVE-2021-43527" }, { "name": "CVE-2022-22942", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942" }, { "name": "CVE-2021-3656", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3656" }, { "name": "CVE-2021-35588", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35588" }, { "name": "CVE-2022-22234", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22234" }, { "name": "CVE-2022-22242", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22242" }, { "name": "CVE-2022-1271", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271" }, { "name": "CVE-2021-22543", "url": 
"https://www.cve.org/CVERecord?id=CVE-2021-22543" }, { "name": "CVE-2022-22251", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22251" }, { "name": "CVE-2008-5161", "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161" }, { "name": "CVE-2022-22244", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22244" }, { "name": "CVE-2019-20934", "url": "https://www.cve.org/CVERecord?id=CVE-2019-20934" }, { "name": "CVE-2021-29650", "url": "https://www.cve.org/CVERecord?id=CVE-2021-29650" }, { "name": "CVE-2021-3715", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3715" }, { "name": "CVE-2022-22233", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22233" }, { "name": "CVE-2021-4155", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155" }, { "name": "CVE-2021-45417", "url": "https://www.cve.org/CVERecord?id=CVE-2021-45417" }, { "name": "CVE-2020-10769", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10769" }, { "name": "CVE-2018-20533", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20533" }, { "name": "CVE-2021-3564", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564" }, { "name": "CVE-2020-25656", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25656" }, { "name": "CVE-2021-3752", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3752" }, { "name": "CVE-2022-22224", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22224" }, { "name": "CVE-2021-20265", "url": "https://www.cve.org/CVERecord?id=CVE-2021-20265" }, { "name": "CVE-2021-3177", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177" }, { "name": "CVE-2020-25211", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25211" }, { "name": "CVE-2022-0492", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492" }, { "name": "CVE-2022-22827", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827" }, { "name": "CVE-2022-22247", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22247" }, { "name": "CVE-2020-12362", "url": "https://www.cve.org/CVERecord?id=CVE-2020-12362" }, { "name": 
"CVE-2019-0205", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205" }, { "name": "CVE-2021-22555", "url": "https://www.cve.org/CVERecord?id=CVE-2021-22555" }, { "name": "CVE-2021-3347", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347" }, { "name": "CVE-2022-25236", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236" }, { "name": "CVE-2022-0778", "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778" }, { "name": "CVE-2021-37576", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37576" }, { "name": "CVE-2021-35578", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35578" }, { "name": "CVE-2020-28374", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28374" }, { "name": "CVE-2021-0920", "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920" }, { "name": "CVE-2022-22199", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22199" }, { "name": "CVE-2021-42550", "url": "https://www.cve.org/CVERecord?id=CVE-2021-42550" }, { "name": "CVE-2021-3712", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712" }, { "name": "CVE-2022-22236", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22236" }, { "name": "CVE-2020-7053", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7053" }, { "name": "CVE-2022-22248", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22248" }, { "name": "CVE-2019-9518", "url": "https://www.cve.org/CVERecord?id=CVE-2019-9518" }, { "name": "CVE-2022-22220", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22220" }, { "name": "CVE-2021-32399", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32399" }, { "name": "CVE-2021-35564", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35564" }, { "name": "CVE-2022-22826", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826" }, { "name": "CVE-2022-22228", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22228" }, { "name": "CVE-2021-23840", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840" }, { "name": "CVE-2020-14351", "url": "https://www.cve.org/CVERecord?id=CVE-2020-14351" }, 
{ "name": "CVE-2020-25709", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25709" }, { "name": "CVE-2022-1434", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434" }, { "name": "CVE-2020-25643", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25643" }, { "name": "CVE-2022-22223", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22223" }, { "name": "CVE-2020-25645", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25645" }, { "name": "CVE-2021-35556", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35556" }, { "name": "CVE-2020-25717", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25717" }, { "name": "CVE-2021-3765", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3765" }, { "name": "CVE-2021-41617", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41617" }, { "name": "CVE-2021-4034", "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034" }, { "name": "CVE-2022-24903", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24903" }, { "name": "CVE-2022-22824", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824" }, { "name": "CVE-2019-1551", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551" }, { "name": "CVE-2019-2684", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2684" }, { "name": "CVE-2021-0543", "url": "https://www.cve.org/CVERecord?id=CVE-2021-0543" }, { "name": "CVE-2021-3653", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3653" }, { "name": "CVE-2022-22231", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22231" }, { "name": "CVE-2021-35561", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35561" }, { "name": "CVE-2022-22235", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22235" }, { "name": "CVE-2020-0427", "url": "https://www.cve.org/CVERecord?id=CVE-2020-0427" }, { "name": "CVE-2020-28469", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469" }, { "name": "CVE-2022-22211", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22211" }, { "name": "CVE-2020-0465", "url": 
"https://www.cve.org/CVERecord?id=CVE-2020-0465" }, { "name": "CVE-2022-22230", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22230" }, { "name": "CVE-2022-22237", "url": "https://www.cve.org/CVERecord?id=CVE-2022-22237" }, { "name": "CVE-2021-37750", "url": "https://www.cve.org/CVERecord?id=CVE-2021-37750" } ], "initial_release_date": "2022-10-13T00:00:00", "last_revision_date": "2022-10-13T00:00:00", "links": [], "reference": "CERTFR-2022-AVI-916", "revisions": [ { "description": "Version initiale", "revision_date": "2022-10-13T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper", "vendor_advisories": [ { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69906", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-MX-Series-An-FPC-crash-might-be-seen-due-to-mac-moves-within-the-same-bridge-domain-CVE-2022-22249" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69885", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-UTM-Enhanced-Content-Filtering-and-AntiVirus-are-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22231" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69888", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69886", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-Unified-Threat-Management-UTM-Enhanced-Content-Filtering-CF-is-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22232" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69899", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69881", "url": 
"https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-SBR-Carrier-Multiple-Vulnerabilities-resolved-in-version-8-6-0R16-64-bit-Solaris-and-Linux-editions" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69894", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-rpd-process-will-crash-when-a-malformed-incoming-RESV-message-is-processed-CVE-2022-22238" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69898", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-core-upon-receipt-of-a-specific-EVPN-route-by-a-BGP-route-reflector-in-an-EVPN-environment-CVE-2022-22199" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69895", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-The-ssh-CLI-command-always-runs-as-root-which-can-lead-to-privilege-escalation-CVE-2022-22239" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69908", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-cSRX-Series-Storing-Passwords-in-a-Recoverable-Format-and-software-permissions-issues-allows-a-local-attacker-to-elevate-privileges-CVE-2022-22251" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69874", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PPMD-goes-into-infinite-loop-upon-receipt-of-malformed-OSPF-TLV-CVE-2022-22224" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69902", "url": 
"https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Due-to-a-race-condition-the-rpd-process-can-crash-upon-receipt-of-a-BGP-update-message-containing-flow-spec-route-CVE-2022-22220" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69879", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-crash-can-occur-due-to-memory-corruption-caused-by-flapping-BGP-sessions-CVE-2022-22208" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69890", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX2300-and-EX3400-Series-One-of-more-SFPs-might-become-unavailable-when-the-system-is-very-busy-CVE-2022-22234" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69875", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-multipath-scenario-when-one-of-the-contributing-routes-is-flapping-often-and-rapidly-rpd-may-crash-CVE-2022-22225" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69915", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-An-attacker-can-cause-a-kernel-panic-by-sending-a-malformed-TCP-packet-to-the-device-CVE-2022-22192" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69878", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Specific-IPv6-transit-traffic-gets-exceptioned-to-the-routing-engine-which-will-cause-increased-CPU-utilization-CVE-2022-22227" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69907", "url": 
"https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-FPC-might-crash-and-reload-if-the-EVPN-MAC-entry-is-move-from-local-to-remote-CVE-2022-22250" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69891", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-A-flowd-core-will-be-observed-when-malformed-GPRS-traffic-is-processed-CVE-2022-22235" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69882", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69876", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX4300-MP-EX4600-QFX5000-Series-In-VxLAN-scenarios-specific-packets-processed-cause-a-memory-leak-leading-to-a-PFE-crash-CVE-2022-22226" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69892", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-When-specific-valid-SIP-packets-are-received-the-PFE-will-crash-CVE-2022-22236" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69889", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69887", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-SR-to-LDP-interworking-scenario-with-SRMS-when-a-specific-low-privileged-command-is-issued-on-an-ABR-rpd-will-crash-CVE-2022-22233" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903", "url": 
"https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69900", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX5000-Series-with-SPC3-SRX4000-Series-and-vSRX-When-PowerMode-IPsec-is-configured-the-PFE-will-crash-upon-receipt-of-a-malformed-ESP-packet-CVE-2022-22201" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69884", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-specific-OSPFv3-LSAs-CVE-2022-22230" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69901", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Upon-processing-of-a-genuine-packet-the-pkid-process-will-crash-during-CMPv2-auto-re-enrollment-CVE-2022-22218" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69905", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Incorrect-file-permissions-can-allow-low-privileged-user-to-cause-another-user-to-execute-arbitrary-commands-CVE-2022-22248" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69893", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Peers-not-configured-for-TCP-AO-can-establish-a-BGP-or-LDP-session-even-if-authentication-is-configured-locally-CVE-2022-22237" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69904", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Kernel-processing-of-unvalidated-TCP-segments-could-lead-to-a-Denial-of-Service-DoS-CVE-2022-22247" }, { 
"published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69880", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-On-IPv6-OAM-SRv6-network-enabled-devices-an-attacker-sending-a-specific-genuine-packet-to-an-IPv6-address-configured-on-the-device-may-cause-a-RPD-memory-leak-leading-to-an-RPD-core-CVE-2022-22228" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69873", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-QFX10000-Series-In-IP-MPLS-PHP-node-scenarios-upon-receipt-of-certain-crafted-packets-multiple-interfaces-in-LAG-configurations-may-detach-CVE-2022-22223" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69896", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-memory-leak-might-be-observed-while-running-a-specific-cli-command-in-a-RIB-sharding-scenario-CVE-2022-22240" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69897", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L5" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69916", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-Multiple-FPCs-become-unreachable-due-to-continuous-polling-of-specific-SNMP-OID-CVE-2022-22211" }, { "published_at": "2022-10-12", "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69883", "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Paragon-Active-Assurance-Formerly-Netrounds-Stored-Cross-site-Scripting-XSS-vulnerability-in-web-administration-CVE-2022-22229" } ] }
CERTFR-2019-AVI-025
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in Oracle MySQL. Some of them allow an attacker to cause a security problem not specified by the vendor, a remote denial of service, and a compromise of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description |
---|---|---|
Oracle | MySQL | MySQL Connectors versions 2.1.8 and earlier |
Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.13 and earlier |
Oracle | MySQL | MySQL Server versions 5.7.24 and earlier |
Oracle | MySQL | MySQL Enterprise Monitor versions 4.0.7 and earlier |
Oracle | MySQL | MySQL Server versions 8.0.13 and earlier |
Oracle | MySQL | MySQL Connectors versions 8.0.13 and earlier |
Oracle | MySQL | MySQL Workbench versions 8.0.13 and earlier |
Oracle | MySQL | MySQL Server versions 5.6.42 and earlier |
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "MySQL Connectors versions 2.1.8 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Enterprise Monitor versions 8.0.13 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Server versions 5.7.24 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Enterprise Monitor versions 4.0.7 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Server versions 8.0.13 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Connectors versions 8.0.13 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Workbench versions 8.0.13 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } }, { "description": "MySQL Server versions 5.6.42 et ant\u00e9rieures", "product": { "name": "MySQL", "vendor": { "name": "Oracle", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2019-2529", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2529" }, { "name": "CVE-2019-2510", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2510" }, { "name": "CVE-2018-10933", "url": "https://www.cve.org/CVERecord?id=CVE-2018-10933" }, { "name": "CVE-2019-2420", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2420" }, { "name": "CVE-2019-2495", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2495" }, { "name": "CVE-2019-2486", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2486" }, { "name": "CVE-2019-2434", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2434" }, { "name": "CVE-2019-2528", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2528" }, { "name": "CVE-2019-2530", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2530" }, { "name": "CVE-2019-2435", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2435" }, { "name": "CVE-2019-2494", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2494" }, { "name": "CVE-2019-2536", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2536" }, { "name": "CVE-2018-0734", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734" }, { "name": "CVE-2019-2535", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2535" }, { "name": "CVE-2019-2532", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2532" }, { "name": "CVE-2019-2537", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2537" }, { "name": "CVE-2019-2481", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2481" }, { "name": "CVE-2019-2502", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2502" }, { "name": "CVE-2019-2436", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2436" }, { "name": "CVE-2019-2513", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2513" }, { "name": "CVE-2019-2531", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2531" }, { "name": "CVE-2019-2503", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2503" }, { "name": "CVE-2019-2533", "url": 
"https://www.cve.org/CVERecord?id=CVE-2019-2533" }, { "name": "CVE-2019-2534", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2534" }, { "name": "CVE-2018-0732", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732" }, { "name": "CVE-2019-2539", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2539" }, { "name": "CVE-2019-2482", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2482" }, { "name": "CVE-2019-2455", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2455" }, { "name": "CVE-2019-2507", "url": "https://www.cve.org/CVERecord?id=CVE-2019-2507" } ], "initial_release_date": "2019-01-16T00:00:00", "last_revision_date": "2019-01-16T00:00:00", "links": [], "reference": "CERTFR-2019-AVI-025", "revisions": [ { "description": "Version initiale", "revision_date": "2019-01-16T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2019-5072801 du 15 janvier 2019", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixMSQL" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2019verbose-5072807 du 15 janvier 2019", "url": 
"https://www.oracle.com/technetwork/security-advisory/cpujan2019verbose-5072807.html#MSQL" } ] }
cnvd-2020-02561
Vulnerability from cnvd
The vendor has released a fix for this vulnerability; please watch for updates: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Name | Oracle MySQL Connectors <=8.0.13, Oracle MySQL Connectors <=2.1.8 |
---|---|
{ "cves": { "cve": { "cveNumber": "CVE-2019-2435" } }, "description": "Oracle MySQL\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u6570\u636e\u5e93\u7cfb\u7edf\u5177\u6709\u6027\u80fd\u9ad8\u3001\u6210\u672c\u4f4e\u3001\u53ef\u9760\u6027\u597d\u7b49\u7279\u70b9\u3002MySQL Connectors\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8fde\u63a5\u4f7f\u7528MySQL\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u9a71\u52a8\u7a0b\u5e8f\u3002\n\nOracle MySQL Connectors\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bbf\u95ee\u3001\u521b\u5efa\u3001\u5220\u9664\u6216\u4fee\u6539\u6570\u636e,\u5f71\u54cd\u6570\u636e\u7684\u5b8c\u6574\u6027\u548c\u4fdd\u5bc6\u6027\u3002", "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2020-02561", "openTime": "2020-01-16", "patchDescription": "Oracle MySQL\u662f\u7f8e\u56fd\u7532\u9aa8\u6587\uff08Oracle\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u5173\u7cfb\u6570\u636e\u5e93\u7ba1\u7406\u7cfb\u7edf\u3002\u8be5\u6570\u636e\u5e93\u7cfb\u7edf\u5177\u6709\u6027\u80fd\u9ad8\u3001\u6210\u672c\u4f4e\u3001\u53ef\u9760\u6027\u597d\u7b49\u7279\u70b9\u3002MySQL Connectors\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u8fde\u63a5\u4f7f\u7528MySQL\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nOracle MySQL 
Connectors\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u672a\u6388\u6743\u8bbf\u95ee\u3001\u521b\u5efa\u3001\u5220\u9664\u6216\u4fee\u6539\u6570\u636e,\u5f71\u54cd\u6570\u636e\u7684\u5b8c\u6574\u6027\u548c\u4fdd\u5bc6\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "Oracle MySQL Connectors\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-02561\uff09\u7684\u8865\u4e01", "products": { "product": [ "Oracle MySQL Connectors \u003c=8.0.13", "Oracle MySQL Connectors \u003c=2.1.8" ] }, "referenceLink": "https://www.securityfocus.com/bid/106616", "serverity": "\u4e2d", "submitTime": "2019-01-16", "title": "Oracle MySQL Connectors\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-02561\uff09" }
gsd-2019-2435
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2019-2435", "description": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "id": "GSD-2019-2435", "references": [ "https://www.suse.com/security/cve/CVE-2019-2435.html", "https://advisories.mageia.org/CVE-2019-2435.html", "https://security.archlinux.org/CVE-2019-2435" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-2435" ], "details": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).", "id": "GSD-2019-2435", "modified": "2023-12-13T01:23:45.350064Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2019-2435", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MySQL Connectors", "version": { "version_data": [ { "version_affected": "=", "version_value": "8.0.13 and prior" }, { "version_affected": "=", "version_value": "2.1.8 and prior" } ] } } ] }, "vendor_name": "Oracle Corporation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data." } ] } ] }, "references": { "reference_data": [ { "name": "106616", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106616" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" }, { "name": "openSUSE-SU-2020:0409", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00044.html" }, { "name": "openSUSE-SU-2020:0430", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00053.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c=8.0.13", "affected_versions": "All versions up to 8.0.13", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2019-12-13", "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data.", "fixed_versions": [ "8.0.14" ], "identifier": "CVE-2019-2435", "identifiers": [ "CVE-2019-2435" ], "not_impacted": "All versions after 8.0.13", "package_slug": "pypi/mysql-connector-python", "pubdate": "2019-01-16", "solution": "Upgrade to version 8.0.14 or above.", "title": "Improper Access Control", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2019-2435", "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "http://www.securityfocus.com/bid/106616", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2435", "https://cwe.mitre.org/data/definitions/284.html" ], "uuid": "6b0e9c90-6b79-4462-9ef7-8d7a2ac6f2dc" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.1.8", "versionStartIncluding": "2.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.13", "versionStartIncluding": "8.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe_name": [], "versionStartIncluding": "7.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vsphere:*:*", "cpe_name": [], "versionStartIncluding": "9.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { 
"CVE_data_meta": { "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2019-2435" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "106616", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106616" }, { "name": "https://security.netapp.com/advisory/ntap-20190118-0002/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190118-0002/" }, { "name": "openSUSE-SU-2020:0409", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00044.html" }, { "name": "openSUSE-SU-2020:0430", "refsource": "SUSE", "tags": [], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00053.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2 } }, "lastModifiedDate": "2020-08-24T17:37Z", "publishedDate": "2019-01-16T19:30Z" } } }
ghsa-v5rq-w2xm-7g5f
Vulnerability from github
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 8.0.13" }, "package": { "ecosystem": "PyPI", "name": "mysql-connector-python" }, "ranges": [ { "events": [ { "introduced": "8.0.0" }, { "fixed": "8.0.19" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "PyPI", "name": "mysql-connector-python" }, "ranges": [ { "events": [ { "introduced": "2.1.0" }, { "last_affected": "2.1.8" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2019-2435" ], "database_specific": { "cwe_ids": [ "CWE-284" ], "github_reviewed": true, "github_reviewed_at": "2022-06-27T16:09:55Z", "nvd_published_at": "2019-01-16T19:30:00Z", "severity": "HIGH" }, "details": "Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. 
", "id": "GHSA-v5rq-w2xm-7g5f", "modified": "2022-06-27T16:09:55Z", "published": "2022-05-13T01:22:02Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-2435" }, { "type": "PACKAGE", "url": "https://github.com/mysql/mysql-connector-python" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20190118-0002" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00044.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00053.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/106616" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Improper Access Control in MySQL Connector Python" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.