| 57aec168-453e-11e8-8777-b499baebfeaf | MySQL -- multiple vulnerabilities
Oracle reports:
MySQL Multiple Flaws Let Remote Authenticated Users Access and
Modify Data, Remote and Local Users Deny Service, and Local Users
Access Data and Gain Elevated Privileges
- A local user can exploit a flaw in the Replication component
to gain elevated privileges [CVE-2018-2755].
- A remote authenticated user can exploit a flaw in the GIS
Extension component to cause denial of service conditions
[CVE-2018-2805].
- A remote authenticated user can exploit a flaw in the InnoDB
component to cause denial of service conditions [CVE-2018-2782,
CVE-2018-2784, CVE-2018-2819].
- A remote authenticated user can exploit a flaw in the Security
Privileges component to cause denial of service conditions
[CVE-2018-2758, CVE-2018-2818].
- A remote authenticated user can exploit a flaw in the DDL
component to cause denial of service conditions
[CVE-2018-2817].
- A remote authenticated user can exploit a flaw in the Optimizer
component to cause denial of service conditions [CVE-2018-2775,
CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781,
CVE-2018-2816].
- A remote user can exploit a flaw in the Client programs
component to cause denial of service conditions [CVE-2018-2761,
CVE-2018-2773].
- A remote authenticated user can exploit a flaw in the InnoDB
component to partially modify data and cause denial of service
conditions [CVE-2018-2786, CVE-2018-2787].
- A remote authenticated user can exploit a flaw in the Optimizer
component to partially modify data and cause denial of service
conditions [CVE-2018-2812].
- A local user can exploit a flaw in the Cluster ndbcluster/plugin
component to cause denial of service conditions [CVE-2018-2877].
- A remote authenticated user can exploit a flaw in the InnoDB
component to cause denial of service conditions [CVE-2018-2759,
CVE-2018-2766, CVE-2018-2777, CVE-2018-2810].
- A remote authenticated user can exploit a flaw in the DML
component to cause denial of service conditions [CVE-2018-2839].
- A remote authenticated user can exploit a flaw in the
Performance Schema component to cause denial of service conditions
[CVE-2018-2846].
- A remote authenticated user can exploit a flaw in the Pluggable
Auth component to cause denial of service conditions
[CVE-2018-2769].
- A remote authenticated user can exploit a flaw in the Group
Replication GCS component to cause denial of service conditions
[CVE-2018-2776].
- A local user can exploit a flaw in the Connection component to
cause denial of service conditions [CVE-2018-2762].
- A remote authenticated user can exploit a flaw in the Locking
component to cause denial of service conditions [CVE-2018-2771].
- A remote authenticated user can exploit a flaw in the DDL
component to partially access data [CVE-2018-2813].
Discovery 2018-04-17
Entry 2018-04-21
mariadb55-server
< 5.5.60
mariadb100-server
< 10.0.35
mariadb101-server
< 10.1.33
mariadb102-server
< 10.2.15
mysql55-server
< 5.5.60
mysql56-server
< 5.6.40
mysql57-server
< 5.7.22
percona55-server
< 5.5.60
percona56-server
< 5.6.40
percona57-server
< 5.7.22
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
CVE-2018-2755
CVE-2018-2805
CVE-2018-2782
CVE-2018-2784
CVE-2018-2819
CVE-2018-2758
CVE-2018-2817
CVE-2018-2775
CVE-2018-2780
CVE-2018-2761
CVE-2018-2786
CVE-2018-2787
CVE-2018-2812
CVE-2018-2877
CVE-2018-2759
CVE-2018-2766
CVE-2018-2777
CVE-2018-2810
CVE-2018-2818
CVE-2018-2839
CVE-2018-2778
CVE-2018-2779
CVE-2018-2781
CVE-2018-2816
CVE-2018-2846
CVE-2018-2769
CVE-2018-2776
CVE-2018-2762
CVE-2018-2771
CVE-2018-2813
CVE-2018-2773
|