ALT-PU-2018-2828-1

BDU:2017-01815

CRITICAL9.8

Уязвимость функции crc32_big библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2017-08-10Modified: 2024-11-28

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

BDU:2017-01816

HIGH7.5

Уязвимость компонента Inffast библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2017-08-10Modified: 2024-11-28

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

BDU:2017-02382

MEDIUM6.8

Уязвимость компонента inftrees библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2017-11-09Modified: 2024-11-28

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

References

CVE-2016-9840

BDU:2017-02383

HIGH8.8

Уязвимость функции inflateMark библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2017-11-09Modified: 2024-11-28

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

References

CVE-2016-9842

BDU:2018-00966

HIGH7.1

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным или вызвать отказ в обслуживании

Published: 2018-08-10Modified: 2023-11-09

CVSS 3.xHIGH 7.1

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:C

References

CVE-2018-3064

BDU:2018-01469

HIGH7.7

Уязвимость компонента Server: Parser системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2018-12-13Modified: 2021-03-23

CVSS 3.xHIGH 7.7

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

References

CVE-2018-3155

BDU:2019-00469

MEDIUM6.5

Уязвимость компонента Server: Parser системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-05Modified: 2023-11-09

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2018-3133

BDU:2019-00471

MEDIUM6.5

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-05Modified: 2023-11-09

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2018-3143

BDU:2019-00473

MEDIUM6.5

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-05Modified: 2023-11-09

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2018-3156

BDU:2019-00564

MEDIUM5.9

Уязвимость компонента Server: Security: Audit системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-12Modified: 2021-03-23

CVSS 3.xMEDIUM 5.9

CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

References

CVE-2018-3144

BDU:2019-00590

MEDIUM6.5

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-12Modified: 2023-11-09

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:C

References

CVE-2018-3251

BDU:2019-00596

MEDIUM5.5

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю изменить права доступа к файлам или вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2023-11-09

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:P/A:C

References

CVE-2018-3185

BDU:2019-00597

MEDIUM5.5

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю изменить права доступа к файлам или вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2021-03-23

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:P/A:C

References

CVE-2018-3187

BDU:2019-00599

MEDIUM5.5

Уязвимость компонента Server: Merge системы управления базами данных MySQL, позволяющая нарушителю изменить права доступа к файлам или вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2021-03-23

CVSS 3.xMEDIUM 5.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:P/A:C

References

CVE-2018-3247

BDU:2019-00619

MEDIUM5.3

Уязвимость компонента Client programs системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2023-11-09

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

CVSS 2.0LOW 1.9

CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:P

References

CVE-2018-3174

BDU:2019-00631

MEDIUM5.0

Уязвимость компонента Server: Partition системы управления базами данных Oracle MySQL Server, позволяющая нарушителю получить несанкционированный доступ к защищаемым данным или вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2021-03-23

CVSS 3.xMEDIUM 5.0

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P

References

CVE-2018-3171

BDU:2019-00649

MEDIUM4.9

Уязвимость компонента Server: Partition системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2021-03-23

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.1

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:C

References

CVE-2018-3161

BDU:2019-00650

MEDIUM4.9

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2023-11-09

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.1

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:C

References

CVE-2018-3162

BDU:2019-00652

MEDIUM4.9

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2021-03-23

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.1

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:C

References

CVE-2018-3173

BDU:2019-00654

MEDIUM4.9

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2023-11-09

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.1

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:C

References

CVE-2018-3200

BDU:2019-00657

MEDIUM4.9

Уязвимость компонента Server: Memcached системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2021-03-23

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.1

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:C

References

CVE-2018-3276

BDU:2019-00658

MEDIUM4.9

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2023-11-09

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.1

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:C

References

CVE-2018-3277

BDU:2019-00659

MEDIUM4.9

Уязвимость компонента Server: RBR системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2021-03-23

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.1

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:C

References

CVE-2018-3278

BDU:2019-00662

MEDIUM4.9

Уязвимость компонента Server: Storage Engines системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-15Modified: 2024-09-30

CVSS 3.xMEDIUM 4.9

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 6.1

CVSS:2.0/AV:N/AC:L/Au:M/C:N/I:N/A:C

References

CVE-2018-3282

BDU:2019-00758

MEDIUM4.4

Уязвимость компонента Server: Logging системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-21Modified: 2021-03-23

CVSS 3.xMEDIUM 4.4

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:C

References

CVE-2018-3283

BDU:2019-00759

MEDIUM4.4

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-02-21Modified: 2023-11-09

CVSS 3.xMEDIUM 4.4

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:H/Au:S/C:N/I:N/A:C

References

CVE-2018-3284

BDU:2019-01627

LOW3.3

Уязвимость в компоненте Server: Options системы управления базами данных Oracle MySQL, позволяющая нарушителю получить несанкционированный доступ к функционалу и данным сервера

Published: 2019-04-25Modified: 2023-11-09

CVSS 3.xLOW 3.3

CVSS:3.x/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:N

References

CVE-2018-3066

BDU:2020-00681

LOW3.1

Уязвимость компонента Server:Security:Encryption системы управления базами данных Oracle MySQL, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным

Published: 2020-02-24Modified: 2023-11-09

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N

References

CVE-2018-2767

BDU:2020-00682

MEDIUM4.3

Уязвимость компонента MyISAM системы управления базами данных Oracle MySQL, позволяющая нарушителю оказать воздействие на целостность данных

Published: 2020-02-24Modified: 2023-11-09

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

References

CVE-2018-3058

BDU:2020-04694

MEDIUM6.5

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю создавать, удалять или изменять доступ к критически важным данным или всем данным, доступным для MySQL Server или вызвать отказ в обслуживании

Published: 2020-10-15Modified: 2023-11-09

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CVSS 2.0HIGH 8.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:C/A:C

References

CVE-2018-3060

CVE-2016-9840

HIGH8.8

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Published: 2017-05-23Modified: 2025-04-20

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2016-9841

CRITICAL9.8

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Published: 2017-05-23Modified: 2025-04-20

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2016-9842

HIGH8.8

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Published: 2017-05-23Modified: 2025-12-04

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2016-9843

CRITICAL9.8

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Published: 2017-05-23Modified: 2025-04-20

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2018-2767

LOW3.1

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

References

CVE-2018-3054

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3056

MEDIUM4.3

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

CVE-2018-3058

MEDIUM4.3

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

CVE-2018-3060

MEDIUM6.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

References

CVE-2018-3061

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3062

MEDIUM5.3

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3064

HIGH7.1

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

References

CVE-2018-3065

MEDIUM6.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3066

LOW3.3

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:N

CVSS 3.xLOW 3.3

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

References

CVE-2018-3070

MEDIUM6.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3071

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3077

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3081

MEDIUM5.0

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).

Published: 2018-07-18Modified: 2024-11-21

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 5.0

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

References

CVE-2018-3133

MEDIUM6.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3143

MEDIUM6.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3144

MEDIUM5.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3155

HIGH7.7

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xHIGH 7.7

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References

CVE-2018-3156

MEDIUM6.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3161

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3162

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3171

MEDIUM5.0

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 5.0

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

References

CVE-2018-3173

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3174

MEDIUM5.3

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0LOW 1.9

CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:P

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H

References

CVE-2018-3185

MEDIUM5.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References

CVE-2018-3187

MEDIUM5.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References

CVE-2018-3200

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3247

MEDIUM5.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References

CVE-2018-3251

MEDIUM6.5

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3276

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3277

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3278

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3282

MEDIUM4.9

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.9

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3283

MEDIUM4.4

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.4

CVSS:3.x/CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2018-3284

MEDIUM4.4

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).

Published: 2018-10-17Modified: 2024-11-21

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS 3.xMEDIUM 4.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References

CVE-2019-2731

MEDIUM5.4

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).

Published: 2019-07-23Modified: 2024-11-21

CVSS 2.0MEDIUM 5.5

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

References

Package update MySQL in branch p8

Closed issues (70)

Уязвимость функции crc32_big библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Уязвимость компонента Inffast библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Уязвимость компонента inftrees библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Уязвимость функции inflateMark библиотеки zlib, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Уязвимость компонента Server: Parser системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Parser системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Security: Audit системы управления базами данных Oracle MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю изменить права доступа к файлам или вызвать отказ в обслуживании

Уязвимость компонента Server: Optimizer системы управления базами данных MySQL, позволяющая нарушителю изменить права доступа к файлам или вызвать отказ в обслуживании

Уязвимость компонента Server: Merge системы управления базами данных MySQL, позволяющая нарушителю изменить права доступа к файлам или вызвать отказ в обслуживании

Уязвимость компонента Client programs системы управления базами данных Oracle MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Partition системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Memcached системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: RBR системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Storage Engines системы управления базами данных MySQL, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Server: Logging системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента InnoDB системы управления базами данных MySQL Server, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента MyISAM системы управления базами данных Oracle MySQL, позволяющая нарушителю оказать воздействие на целостность данных

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Closed bugs (3)

Не упакован каталог /etc/my.cnf.server

Обманывает потребителя (клиента)

service mysqld start fails with an error after installation