Errata ALT-PU-2018-1853-1: Information
Fixes
Published: Jan. 16, 2018
BDU:2018-00341
Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю получить привилегии для создания, удаления и изменения данных или вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Jan. 16, 2018
BDU:2018-00342
Уязвимость компонента Server:Partition системы управления базами данных MySQL, позволяющая нарушителю получить привилегии для изменения, добавления или удаления данных или вызвать отказ в обслуживании
Severity: HIGH (7.1) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Jan. 16, 2019
BDU:2019-00448
Уязвимость компонента Server: Parser системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Oct. 16, 2018
BDU:2019-00469
Уязвимость компонента Server: Parser системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 18, 2018
BDU:2019-03454
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных, вызвать зависание или отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: April 18, 2018
BDU:2019-03456
Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на чтение данных
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
Published: April 18, 2018
BDU:2019-03457
Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 18, 2018
BDU:2019-03458
Уязвимость компонента InnoDB системы управления базами данных MySQL Server , позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03538
Уязвимость компонента Server: Replication системы управления базами данных Oracle MySQL Server, позволяющая нарушителю получить несанкционированный доступ к устройству
Severity: HIGH (7.7) Vector: AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: April 17, 2018
BDU:2019-03540
Уязвимость компонента Client programs системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03541
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03542
Уязвимость компонента Server: Locking системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.4) Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03544
Уязвимость компонента Server: Optimizer системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03545
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03546
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 17, 2018
BDU:2019-04692
Уязвимость компонента Server:Optimizer системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 17, 2018
BDU:2019-04693
Уязвимость компонента Server:Optimizer системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 17, 2018
BDU:2019-04694
Уязвимость компонента Server:Optimizer системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 17, 2018
BDU:2019-04695
Уязвимость компонента Server:DDL системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Dec. 11, 2017
BDU:2020-00680
Уязвимость функции Event_job_data::execute (event_data_objects.cc) системы управления базами данных MariaDB, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным, вызвать отказ в обслуживании и оказать воздействие на целостность данных
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: July 18, 2018
BDU:2020-00681
Уязвимость компонента Server:Security:Encryption системы управления базами данных Oracle MySQL, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным
Severity: LOW (3.1) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
Published: July 15, 2020
BDU:2020-04274
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 19, 2021
BDU:2021-00468
Уязвимость компонента C API системы управления базами данных MySQL Client, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 25, 2018
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2017-15365
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
- https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/
- https://mariadb.com/kb/en/library/mariadb-10210-release-notes/
- https://mariadb.com/kb/en/library/mariadb-10130-release-notes/
- https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e
- https://bugzilla.redhat.com/show_bug.cgi?id=1524234
- DSA-4341
- RHSA-2019:1258
- FEDORA-2018-0d6a80f496
Published: Jan. 18, 2018
Modified: July 1, 2022
Modified: July 1, 2022
CVE-2018-2562
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
Severity: HIGH (7.1) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://security.netapp.com/advisory/ntap-20180117-0002/
- 1040216
- 102713
- DSA-4091
- [debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update
- USN-3537-2
- USN-3537-1
- RHSA-2018:0587
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2019:1258
Published: Jan. 18, 2018
Modified: July 1, 2022
Modified: July 1, 2022
CVE-2018-2612
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Links:
Published: Jan. 18, 2018
Modified: July 18, 2022
Modified: July 18, 2022
CVE-2018-2622
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://security.netapp.com/advisory/ntap-20180117-0002/
- 1040216
- 102706
- DSA-4091
- [debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update
- USN-3537-2
- USN-3537-1
- RHSA-2018:0587
- RHSA-2018:0586
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2019:1258
Published: Jan. 18, 2018
Modified: July 18, 2022
Modified: July 18, 2022
CVE-2018-2640
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://security.netapp.com/advisory/ntap-20180117-0002/
- 1040216
- 102678
- DSA-4091
- [debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update
- USN-3537-2
- USN-3537-1
- RHSA-2018:0587
- RHSA-2018:0586
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2019:1258
Published: Jan. 18, 2018
Modified: July 18, 2022
Modified: July 18, 2022
CVE-2018-2665
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://security.netapp.com/advisory/ntap-20180117-0002/
- 1040216
- 102681
- DSA-4091
- [debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update
- USN-3537-2
- USN-3537-1
- RHSA-2018:0587
- RHSA-2018:0586
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2019:1258
Published: Jan. 18, 2018
Modified: July 18, 2022
Modified: July 18, 2022
CVE-2018-2668
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- https://security.netapp.com/advisory/ntap-20180117-0002/
- 1040216
- 102682
- DSA-4091
- [debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update
- USN-3537-2
- USN-3537-1
- RHSA-2018:0587
- RHSA-2018:0586
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2019:1258
Published: April 19, 2018
Modified: July 19, 2022
Modified: July 19, 2022
CVE-2018-2755
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Severity: HIGH (7.7) Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103807
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Aug. 4, 2022
Modified: Aug. 4, 2022
CVE-2018-2761
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103820
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: July 19, 2022
Modified: July 19, 2022
CVE-2018-2766
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103805
- https://security.netapp.com/advisory/ntap-20180419-0002/
- USN-3629-1
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: July 18, 2018
Modified: Sept. 21, 2022
Modified: Sept. 21, 2022
CVE-2018-2767
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
Severity: LOW (3.1) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
Published: April 19, 2018
Modified: Nov. 29, 2022
Modified: Nov. 29, 2022
CVE-2018-2771
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103828
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Aug. 19, 2022
Modified: Aug. 19, 2022
CVE-2018-2781
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103825
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Aug. 1, 2022
Modified: Aug. 1, 2022
CVE-2018-2782
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103799
- https://security.netapp.com/advisory/ntap-20180419-0002/
- USN-3629-1
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Aug. 1, 2022
Modified: Aug. 1, 2022
CVE-2018-2784
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103801
- https://security.netapp.com/advisory/ntap-20180419-0002/
- USN-3629-1
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: July 13, 2022
Modified: July 13, 2022
CVE-2018-2787
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103804
- https://security.netapp.com/advisory/ntap-20180419-0002/
- USN-3629-1
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2018-2813
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103830
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Aug. 1, 2022
Modified: Aug. 1, 2022
CVE-2018-2817
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103818
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Aug. 1, 2022
Modified: Aug. 1, 2022
CVE-2018-2819
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103814
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: July 18, 2018
Modified: Aug. 4, 2022
Modified: Aug. 4, 2022
CVE-2018-3081
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.0) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: Oct. 17, 2018
Modified: Aug. 1, 2022
Modified: Aug. 1, 2022
CVE-2018-3133
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 16, 2019
Modified: Aug. 4, 2022
Modified: Aug. 4, 2022
CVE-2019-2455
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: July 15, 2020
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2020-14550
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (5.3) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Jan. 20, 2021
Modified: Nov. 7, 2023
Modified: Nov. 7, 2023
CVE-2021-2011
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links: