Oracle MySQL vulnerabilities
1,328 known vulnerabilities affecting oracle/mysql.
Total CVEs
1,328
CISA KEV
0
Public exploits
50
Exploited in wild
0
Severity breakdown
CRITICAL12HIGH71MEDIUM1064LOW181
Vulnerabilities
Page 28 of 67
CVE-2019-3018MEDIUMCVSS 4.4≥ 8.0.0, ≤ 8.0.172019-10-16
CVE-2019-3018 [MEDIUM] CVE-2019-3018: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause
nvd
CVE-2019-2920MEDIUMCVSS 5.3≥ 5.3.0, ≤ 5.3.13≥ 8.0.0, ≤ 8.0.172019-10-16
CVE-2019-2920 [MEDIUM] CVE-2019-2920: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can resul
nvd
CVE-2019-2967MEDIUMCVSS 6.5≥ 8.0.0, ≤ 8.0.172019-10-16
CVE-2019-2967 [MEDIUM] CVE-2019-2967: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to
nvd
CVE-2019-2914MEDIUMCVSS 6.5≥ 5.7.0, ≤ 5.7.27≥ 8.0.0, ≤ 8.0.172019-10-16
CVE-2019-2914 [MEDIUM] CVE-2019-2914: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can
nvd
CVE-2019-2998MEDIUMCVSS 4.9≥ 8.0.0, ≤ 8.0.172019-10-16
CVE-2019-2998 [MEDIUM] CVE-2019-2998: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability t
nvd
CVE-2019-2957MEDIUMCVSS 4.9≥ 8.0.0, ≤ 8.0.172019-10-16
CVE-2019-2957 [MEDIUM] CVE-2019-2957: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthoriz
nvd
CVE-2019-3004MEDIUMCVSS 6.5≥ 8.0.0, ≤ 8.0.172019-10-16
CVE-2019-3004 [MEDIUM] CVE-2019-3004: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported ver
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to c
nvd
CVE-2019-2924MEDIUMCVSS 5.3≥ 5.6.0, ≤ 5.6.45≥ 5.7.0, ≤ 5.7.272019-10-16
CVE-2019-2924 [MEDIUM] CVE-2019-2924: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can
nvd
CVE-2019-2910LOWCVSS 3.7≥ 5.6.0, ≤ 5.6.45≥ 5.7.0, ≤ 5.7.272019-10-16
CVE-2019-2910 [LOW] CVE-2019-2910: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can
nvd
CVE-2019-2911LOWCVSS 2.7≥ 5.6.0, ≤ 5.6.45≥ 5.7.0, ≤ 5.7.27+1 more2019-10-16
CVE-2019-2911 [LOW] CVE-2019-2911: Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerabilit
nvd
CVE-2019-14540CRITICALCVSS 9.8≥ 5.7.0, ≤ 5.7.30≥ 8.0.0, ≤ 8.0.202019-09-15
CVE-2019-14540 [CRITICAL] CWE-502 CVE-2019-14540: A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
nvd
CVE-2019-16168MEDIUMCVSS 6.5≥ 8.0.0, ≤ 8.0.182019-09-09
CVE-2019-16168 [MEDIUM] CWE-369 CVE-2019-16168: In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other applicati
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
nvd
CVE-2019-2800HIGHCVSS 7.1≥ 8.0.0, ≤ 8.0.162019-07-23
CVE-2019-2800 [HIGH] CVE-2019-2800: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Sup
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized abil
nvd
CVE-2019-2822HIGHCVSS 7.5≥ 8.0.0, ≤ 8.0.162019-07-23
CVE-2019-2822 [HIGH] CVE-2019-2822: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Admin / InnoDB Clu
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Admin / InnoDB Cluster). Supported versions that are affected are 8.0.16 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person
nvd
CVE-2019-2758MEDIUMCVSS 5.5≥ 5.7.0, ≤ 5.7.26≥ 8.0.0, ≤ 8.0.162019-07-23
CVE-2019-2758 [MEDIUM] CVE-2019-2758: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versio
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauth
nvd
CVE-2019-2780MEDIUMCVSS 4.9≥ 8.0.0, ≤ 8.0.162019-07-23
CVE-2019-2780 [MEDIUM] CVE-2019-2780: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Serv
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Components / Services). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unau
nvd
CVE-2019-2757MEDIUMCVSS 4.9≥ 5.0.0, ≤ 5.7.26≥ 8.0.0, ≤ 8.0.162019-07-23
CVE-2019-2757 [MEDIUM] CVE-2019-2757: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Suppo
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can resul
nvd
CVE-2019-2739MEDIUMCVSS 5.1≥ 5.6.0, ≤ 5.6.44≥ 5.7.0, ≤ 5.7.26+1 more2019-07-23
CVE-2019-2739 [MEDIUM] CVE-2019-2739: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privile
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Suc
nvd
CVE-2019-2801MEDIUMCVSS 4.9≥ 8.0.0, ≤ 8.0.162019-07-23
CVE-2019-2801 [MEDIUM] CVE-2019-2801: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported v
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability t
nvd
CVE-2019-2826MEDIUMCVSS 4.9≥ 8.0.0, ≤ 8.0.162019-07-23
CVE-2019-2826 [MEDIUM] CVE-2019-2826: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles).
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthoriz
nvd