FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  485185
Date:      2018-11-17
Time:      18:00:17Z
Committer: joneum

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
909be51b-9b3b-11e8-add2-b499baebfeafMySQL -- multiple vulnerabilities

Oracle reports:

Multiple vulnerabilities have been disclosed by Oracle without further detail. CVSS scores 7.1 - 2.7


Discovery 2018-07-17
Entry 2018-08-08
mariadb55-server
lt 5.5.61

mariadb100-server
lt 10.0.36

mariadb101-server
lt 10.1.35

mariadb102-server
lt 10.2.17

mariadb103-server
lt 10.3.9

mysql55-server
lt 5.5.61

mysql56-server
lt 5.6.41

mysql57-server
lt 5.7.23

mysql80-server
lt 8.0.12

percona55-server
lt 5.5.61

percona56-server
lt 5.6.41

percona57-server
lt 5.7.23

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CVE-2018-3064
CVE-2018-0739
CVE-2018-3070
CVE-2018-3060
CVE-2018-3065
CVE-2018-3073
CVE-2018-3074
CVE-2018-3081
CVE-2018-3071
CVE-2018-3079
CVE-2018-3054
CVE-2018-3077
CVE-2018-3078
CVE-2018-3080
CVE-2018-3061
CVE-2018-3067
CVE-2018-3063
CVE-2018-3075
CVE-2018-3058
CVE-2018-3056
CVE-2018-3066
CVE-2018-2767
CVE-2018-3084
CVE-2018-3082
e3445736-fd01-11e7-ac58-b499baebfeafMySQL -- multiple vulnerabilities

Oracle reports:

Not all vulnerabilities are relevant for all flavors/versions of the servers and clients

  • Vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. GIS: CVE-2018-2573, DDL CVE-2018-2622, Optimizer: CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, Security:Privileges: CVE-2018-2703, Partition: CVE-2018-2562.
  • Vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. InnoDB: CVE-2018-2565, CVE-2018-2612 DML: CVE-2018-2576, CVE-2018-2646, Stored Procedure: CVE-2018-2583, Performance Schema: CVE-2018-2590, Partition: CVE-2018-2591, Optimizer: CVE-2018-2600, CVE-2018-2667, Security:Privileges: CVE-2018-2696, Replication: CVE-2018-2647.
  • Vulnerability allows a low or high privileged attacker with network access via multiple protocols to compromise MySQL Server with unauthorized creation, deletion, modification or access to data/ critical data. InnoDB: CVE-2018-2612, Performance Schema: CVE-2018-2645, Replication: CVE-2018-2647, Partition: CVE-2018-2562.

Discovery 2017-01-18
Entry 2018-01-19
mariadb55-server
lt 5.5.59

mariadb100-server
lt 10.0.34

mariadb101-server
lt 10.1.31

mariadb102-server
lt 10.2.13

mysql55-server
lt 5.5.59

mysql56-server
lt 5.6.39

mysql57-server
lt 5.7.21

percona55-server
lt 5.5.59

percona56-server
lt 5.6.39

percona57-server
lt 5.7.21

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
https://mariadb.com/kb/en/library/mariadb-5559-release-notes/
CVE-2018-2562
CVE-2018-2565
CVE-2018-2573
CVE-2018-2576
CVE-2018-2583
CVE-2018-2586
CVE-2018-2590
CVE-2018-2591
CVE-2018-2600
CVE-2018-2612
CVE-2018-2622
CVE-2018-2640
CVE-2018-2645
CVE-2018-2646
CVE-2018-2647
CVE-2018-2665
CVE-2018-2667
CVE-2018-2668
CVE-2018-2696
CVE-2018-2703
d9e01c35-2531-11e7-b291-b499baebfeafMySQL -- multiple vulnerabilities

Oracle reports:

This Critical Patch Update contains 39 new security fixes for Oracle MySQL. 11 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.


Discovery 2017-04-19
Entry 2017-04-19
mariadb55-server
lt 5.5.55

mariadb100-server
lt 10.0.31

mariadb101-server
lt 10.1.23

mysql55-server
lt 5.5.55

mysql56-server
lt 5.6.36

mysql57-server
lt 5.7.18

http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
CVE-2017-3308
CVE-2017-3309
CVE-2017-3450
CVE-2017-3599
CVE-2017-3329
CVE-2017-3600
CVE-2017-3331
CVE-2017-3453
CVE-2017-3452
CVE-2017-3454
CVE-2017-3455
CVE-2017-3305
CVE-2017-3460
CVE-2017-3456
CVE-2017-3458
CVE-2017-3457
CVE-2017-3459
CVE-2017-3463
CVE-2017-3462
CVE-2017-3461
CVE-2017-3464
CVE-2017-3465
CVE-2017-3467
CVE-2017-3468
c41bedfd-b3f9-11e7-ac58-b499baebfeafMySQL -- multiple vulnerabilities

Oracle reports:

Please reference CVE/URL list for details


Discovery 2017-10-18
Entry 2017-10-18
Modified 2017-12-23
mariadb55-server
lt 5.5.58

mariadb100-server
lt 10.0.33

mariadb101-server
lt 10.1.29

mariadb102-server
lt 10.2.10

mysql55-server
lt 5.5.58

mysql56-server
lt 5.6.38

mysql57-server
lt 5.7.20

percona55-server
lt 5.5.58

percona56-server
lt 5.6.38

percona57-server
lt 5.7.20

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10155
CVE-2017-10379
CVE-2017-10384
CVE-2017-10276
CVE-2017-10167
CVE-2017-10378
CVE-2017-10277
CVE-2017-10203
CVE-2017-10283
CVE-2017-10313
CVE-2017-10296
CVE-2017-10311
CVE-2017-10320
CVE-2017-10314
CVE-2017-10227
CVE-2017-10279
CVE-2017-10294
CVE-2017-10165
CVE-2017-10284
CVE-2017-10286
CVE-2017-10268
CVE-2017-10365
cda2f3c2-6c8b-11e7-867f-b499baebfeafMySQL -- multiple vulnerabilities

Oracle reports:

Please reference CVE/URL list for details


Discovery 2017-07-19
Entry 2017-07-19
Modified 2017-08-12
mariadb55-server
lt 5.5.57

mariadb100-server
lt 10.0.32

mariadb101-server
lt 10.1.26

mariadb102-server
lt 10.2.6

mysql55-server
lt 5.5.57

mysql56-server
lt 5.6.37

mysql57-server
lt 5.7.19

percona55-server
lt 5.5.57

percona56-server
lt 5.6.37

percona57-server
lt 5.7.19

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html#AppendixMSQL
CVE-2017-3529
CVE-2017-3633
CVE-2017-3634
CVE-2017-3635
CVE-2017-3636
CVE-2017-3637
CVE-2017-3638
CVE-2017-3639
CVE-2017-3640
CVE-2017-3641
CVE-2017-3642
CVE-2017-3643
CVE-2017-3644
CVE-2017-3645
CVE-2017-3646
CVE-2017-3647
CVE-2017-3648
CVE-2017-3649
CVE-2017-3650
CVE-2017-3651
CVE-2017-3652
CVE-2017-3653
57aec168-453e-11e8-8777-b499baebfeafMySQL -- multiple vulnerabilities

Oracle reports:

MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges

  • A local user can exploit a flaw in the Replication component to gain elevated privileges [CVE-2018-2755].
  • A remote authenticated user can exploit a flaw in the GIS Extension component to cause denial of service conditions [CVE-2018-2805].
  • A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2782, CVE-2018-2784, CVE-2018-2819].
  • A remote authenticated user can exploit a flaw in the Security Privileges component to cause denial of service conditions [CVE-2018-2758, CVE-2018-2818].
  • A remote authenticated user can exploit a flaw in the DDL component to cause denial of service conditions [CVE-2018-2817].
  • A remote authenticated user can exploit a flaw in the Optimizer component to cause denial of service conditions [CVE-2018-2775, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2816].
  • A remote user can exploit a flaw in the Client programs component to cause denial of service conditions [CVE-2018-2761, CVE-2018-2773].
  • A remote authenticated user can exploit a flaw in the InnoDB component to partially modify data and cause denial of service conditions [CVE-2018-2786, CVE-2018-2787].
  • A remote authenticated user can exploit a flaw in the Optimizer component to partially modify data and cause denial of service conditions [CVE-2018-2812].
  • A local user can exploit a flaw in the Cluster ndbcluster/plugin component to cause denial of service conditions [CVE-2018-2877].
  • A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2810].
  • A remote authenticated user can exploit a flaw in the DML component to cause denial of service conditions [CVE-2018-2839].
  • A remote authenticated user can exploit a flaw in the Performance Schema component to cause denial of service conditions [CVE-2018-2846].
  • A remote authenticated user can exploit a flaw in the Pluggable Auth component to cause denial of service conditions [CVE-2018-2769].
  • A remote authenticated user can exploit a flaw in the Group Replication GCS component to cause denial of service conditions [CVE-2018-2776].
  • A local user can exploit a flaw in the Connection component to cause denial of service conditions [CVE-2018-2762].
  • A remote authenticated user can exploit a flaw in the Locking component to cause denial of service conditions [CVE-2018-2771].
  • A remote authenticated user can exploit a flaw in the DDL component to partially access data [CVE-2018-2813].

Discovery 2018-04-17
Entry 2018-04-21
mariadb55-server
lt 5.5.60

mariadb100-server
lt 10.0.35

mariadb101-server
lt 10.1.33

mariadb102-server
lt 10.2.15

mysql55-server
lt 5.5.60

mysql56-server
lt 5.6.40

mysql57-server
lt 5.7.22

percona55-server
lt 5.5.60

percona56-server
lt 5.6.40

percona57-server
lt 5.7.22

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
CVE-2018-2755
CVE-2018-2805
CVE-2018-2782
CVE-2018-2784
CVE-2018-2819
CVE-2018-2758
CVE-2018-2817
CVE-2018-2775
CVE-2018-2780
CVE-2018-2761
CVE-2018-2786
CVE-2018-2787
CVE-2018-2812
CVE-2018-2877
CVE-2018-2759
CVE-2018-2766
CVE-2018-2777
CVE-2018-2810
CVE-2018-2818
CVE-2018-2839
CVE-2018-2778
CVE-2018-2779
CVE-2018-2781
CVE-2018-2816
CVE-2018-2846
CVE-2018-2769
CVE-2018-2776
CVE-2018-2762
CVE-2018-2771
CVE-2018-2813
CVE-2018-2773