Errata ALT-PU-2018-2028-1: Information
Fixes
Published: April 18, 2018
BDU:2019-03453
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных, или вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: April 18, 2018
BDU:2019-03454
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на изменение, добавление или удаление данных, вызвать зависание или отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: April 18, 2018
BDU:2019-03455
Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 18, 2018
BDU:2019-03456
Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю получить доступ на чтение данных
Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
Published: April 18, 2018
BDU:2019-03457
Уязвимость компонента Server: DDL системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 18, 2018
BDU:2019-03458
Уязвимость компонента InnoDB системы управления базами данных MySQL Server , позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03538
Уязвимость компонента Server: Replication системы управления базами данных Oracle MySQL Server, позволяющая нарушителю получить несанкционированный доступ к устройству
Severity: HIGH (7.7) Vector: AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
Published: April 17, 2018
BDU:2019-03539
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03540
Уязвимость компонента Client programs системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.9) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03541
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03542
Уязвимость компонента Server: Locking системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.4) Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03543
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.9) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03545
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 17, 2018
BDU:2019-03546
Уязвимость компонента InnoDB системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: July 19, 2022
Modified: July 19, 2022
CVE-2018-2755
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Severity: HIGH (7.7) Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103807
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Nov. 27, 2018
Modified: Nov. 27, 2018
CVE-2018-2758
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Aug. 19, 2022
Modified: Aug. 19, 2022
CVE-2018-2759
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Aug. 4, 2022
Modified: Aug. 4, 2022
CVE-2018-2761
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (5.9) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103820
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Nov. 27, 2018
Modified: Nov. 27, 2018
CVE-2018-2762
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.4) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: July 19, 2022
Modified: July 19, 2022
CVE-2018-2766
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103805
- https://security.netapp.com/advisory/ntap-20180419-0002/
- USN-3629-1
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Nov. 27, 2018
Modified: Nov. 27, 2018
CVE-2018-2769
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Nov. 29, 2022
Modified: Nov. 29, 2022
CVE-2018-2771
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.4) Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103828
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2018-2773
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.1) Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Nov. 27, 2018
Modified: Nov. 27, 2018
CVE-2018-2775
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Nov. 27, 2018
Modified: Nov. 27, 2018
CVE-2018-2776
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Aug. 19, 2022
Modified: Aug. 19, 2022
CVE-2018-2777
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Nov. 27, 2018
Modified: Nov. 27, 2018
CVE-2018-2778
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Nov. 27, 2018
Modified: Nov. 27, 2018
CVE-2018-2779
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Nov. 27, 2018
Modified: Nov. 27, 2018
CVE-2018-2780
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Aug. 1, 2022
Modified: Aug. 1, 2022
CVE-2018-2782
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103799
- https://security.netapp.com/advisory/ntap-20180419-0002/
- USN-3629-1
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Aug. 1, 2022
Modified: Aug. 1, 2022
CVE-2018-2784
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103801
- https://security.netapp.com/advisory/ntap-20180419-0002/
- USN-3629-1
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: July 13, 2022
Modified: July 13, 2022
CVE-2018-2786
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: April 19, 2018
Modified: July 13, 2022
Modified: July 13, 2022
CVE-2018-2787
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103804
- https://security.netapp.com/advisory/ntap-20180419-0002/
- USN-3629-1
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Aug. 19, 2022
Modified: Aug. 19, 2022
CVE-2018-2810
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2018-2812
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Links:
Published: April 19, 2018
Modified: Aug. 29, 2022
Modified: Aug. 29, 2022
CVE-2018-2813
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103830
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2018-2816
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Aug. 1, 2022
Modified: Aug. 1, 2022
CVE-2018-2817
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103818
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2018-2818
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Aug. 1, 2022
Modified: Aug. 1, 2022
CVE-2018-2819
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
- 1040698
- 103814
- https://security.netapp.com/advisory/ntap-20180419-0002/
- [debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update
- DSA-4176
- USN-3629-1
- USN-3629-2
- RHSA-2018:1254
- USN-3629-3
- [debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update
- RHSA-2018:2439
- RHSA-2018:2729
- DSA-4341
- RHSA-2018:3655
- RHSA-2019:1258
- GLSA-201908-24
Published: April 19, 2018
Modified: June 16, 2020
Modified: June 16, 2020
CVE-2018-2839
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links:
Published: April 19, 2018
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2018-2846
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Severity: MEDIUM (4.9) Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Links: