FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  484934
Date:      2018-11-14
Time:      17:54:24Z
Committer: madpilot

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c41bedfd-b3f9-11e7-ac58-b499baebfeafMySQL -- multiple vulnerabilities

Oracle reports:

Please reference CVE/URL list for details


Discovery 2017-10-18
Entry 2017-10-18
Modified 2017-12-23
mariadb55-server
lt 5.5.58

mariadb100-server
lt 10.0.33

mariadb101-server
lt 10.1.29

mariadb102-server
lt 10.2.10

mysql55-server
lt 5.5.58

mysql56-server
lt 5.6.38

mysql57-server
lt 5.7.20

percona55-server
lt 5.5.58

percona56-server
lt 5.6.38

percona57-server
lt 5.7.20

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10155
CVE-2017-10379
CVE-2017-10384
CVE-2017-10276
CVE-2017-10167
CVE-2017-10378
CVE-2017-10277
CVE-2017-10203
CVE-2017-10283
CVE-2017-10313
CVE-2017-10296
CVE-2017-10311
CVE-2017-10320
CVE-2017-10314
CVE-2017-10227
CVE-2017-10279
CVE-2017-10294
CVE-2017-10165
CVE-2017-10284
CVE-2017-10286
CVE-2017-10268
CVE-2017-10365
57aec168-453e-11e8-8777-b499baebfeafMySQL -- multiple vulnerabilities

Oracle reports:

MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges

  • A local user can exploit a flaw in the Replication component to gain elevated privileges [CVE-2018-2755].
  • A remote authenticated user can exploit a flaw in the GIS Extension component to cause denial of service conditions [CVE-2018-2805].
  • A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2782, CVE-2018-2784, CVE-2018-2819].
  • A remote authenticated user can exploit a flaw in the Security Privileges component to cause denial of service conditions [CVE-2018-2758, CVE-2018-2818].
  • A remote authenticated user can exploit a flaw in the DDL component to cause denial of service conditions [CVE-2018-2817].
  • A remote authenticated user can exploit a flaw in the Optimizer component to cause denial of service conditions [CVE-2018-2775, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2816].
  • A remote user can exploit a flaw in the Client programs component to cause denial of service conditions [CVE-2018-2761, CVE-2018-2773].
  • A remote authenticated user can exploit a flaw in the InnoDB component to partially modify data and cause denial of service conditions [CVE-2018-2786, CVE-2018-2787].
  • A remote authenticated user can exploit a flaw in the Optimizer component to partially modify data and cause denial of service conditions [CVE-2018-2812].
  • A local user can exploit a flaw in the Cluster ndbcluster/plugin component to cause denial of service conditions [CVE-2018-2877].
  • A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2810].
  • A remote authenticated user can exploit a flaw in the DML component to cause denial of service conditions [CVE-2018-2839].
  • A remote authenticated user can exploit a flaw in the Performance Schema component to cause denial of service conditions [CVE-2018-2846].
  • A remote authenticated user can exploit a flaw in the Pluggable Auth component to cause denial of service conditions [CVE-2018-2769].
  • A remote authenticated user can exploit a flaw in the Group Replication GCS component to cause denial of service conditions [CVE-2018-2776].
  • A local user can exploit a flaw in the Connection component to cause denial of service conditions [CVE-2018-2762].
  • A remote authenticated user can exploit a flaw in the Locking component to cause denial of service conditions [CVE-2018-2771].
  • A remote authenticated user can exploit a flaw in the DDL component to partially access data [CVE-2018-2813].

Discovery 2018-04-17
Entry 2018-04-21
mariadb55-server
lt 5.5.60

mariadb100-server
lt 10.0.35

mariadb101-server
lt 10.1.33

mariadb102-server
lt 10.2.15

mysql55-server
lt 5.5.60

mysql56-server
lt 5.6.40

mysql57-server
lt 5.7.22

percona55-server
lt 5.5.60

percona56-server
lt 5.6.40

percona57-server
lt 5.7.22

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
CVE-2018-2755
CVE-2018-2805
CVE-2018-2782
CVE-2018-2784
CVE-2018-2819
CVE-2018-2758
CVE-2018-2817
CVE-2018-2775
CVE-2018-2780
CVE-2018-2761
CVE-2018-2786
CVE-2018-2787
CVE-2018-2812
CVE-2018-2877
CVE-2018-2759
CVE-2018-2766
CVE-2018-2777
CVE-2018-2810
CVE-2018-2818
CVE-2018-2839
CVE-2018-2778
CVE-2018-2779
CVE-2018-2781
CVE-2018-2816
CVE-2018-2846
CVE-2018-2769
CVE-2018-2776
CVE-2018-2762
CVE-2018-2771
CVE-2018-2813
CVE-2018-2773
909be51b-9b3b-11e8-add2-b499baebfeafMySQL -- multiple vulnerabilities

Oracle reports:

Multiple vulnerabilities have been disclosed by Oracle without further detail. CVSS scores 7.1 - 2.7


Discovery 2018-07-17
Entry 2018-08-08
mariadb55-server
lt 5.5.61

mariadb100-server
lt 10.0.36

mariadb101-server
lt 10.1.35

mariadb102-server
lt 10.2.17

mariadb103-server
lt 10.3.9

mysql55-server
lt 5.5.61

mysql56-server
lt 5.6.41

mysql57-server
lt 5.7.23

mysql80-server
lt 8.0.12

percona55-server
lt 5.5.61

percona56-server
lt 5.6.41

percona57-server
lt 5.7.23

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CVE-2018-3064
CVE-2018-0739
CVE-2018-3070
CVE-2018-3060
CVE-2018-3065
CVE-2018-3073
CVE-2018-3074
CVE-2018-3081
CVE-2018-3071
CVE-2018-3079
CVE-2018-3054
CVE-2018-3077
CVE-2018-3078
CVE-2018-3080
CVE-2018-3061
CVE-2018-3067
CVE-2018-3063
CVE-2018-3075
CVE-2018-3058
CVE-2018-3056
CVE-2018-3066
CVE-2018-2767
CVE-2018-3084
CVE-2018-3082
e3445736-fd01-11e7-ac58-b499baebfeafMySQL -- multiple vulnerabilities

Oracle reports:

Not all vulnerabilities are relevant for all flavors/versions of the servers and clients

  • Vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. GIS: CVE-2018-2573, DDL CVE-2018-2622, Optimizer: CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, Security:Privileges: CVE-2018-2703, Partition: CVE-2018-2562.
  • Vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. InnoDB: CVE-2018-2565, CVE-2018-2612 DML: CVE-2018-2576, CVE-2018-2646, Stored Procedure: CVE-2018-2583, Performance Schema: CVE-2018-2590, Partition: CVE-2018-2591, Optimizer: CVE-2018-2600, CVE-2018-2667, Security:Privileges: CVE-2018-2696, Replication: CVE-2018-2647.
  • Vulnerability allows a low or high privileged attacker with network access via multiple protocols to compromise MySQL Server with unauthorized creation, deletion, modification or access to data/ critical data. InnoDB: CVE-2018-2612, Performance Schema: CVE-2018-2645, Replication: CVE-2018-2647, Partition: CVE-2018-2562.

Discovery 2017-01-18
Entry 2018-01-19
mariadb55-server
lt 5.5.59

mariadb100-server
lt 10.0.34

mariadb101-server
lt 10.1.31

mariadb102-server
lt 10.2.13

mysql55-server
lt 5.5.59

mysql56-server
lt 5.6.39

mysql57-server
lt 5.7.21

percona55-server
lt 5.5.59

percona56-server
lt 5.6.39

percona57-server
lt 5.7.21

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
https://mariadb.com/kb/en/library/mariadb-5559-release-notes/
CVE-2018-2562
CVE-2018-2565
CVE-2018-2573
CVE-2018-2576
CVE-2018-2583
CVE-2018-2586
CVE-2018-2590
CVE-2018-2591
CVE-2018-2600
CVE-2018-2612
CVE-2018-2622
CVE-2018-2640
CVE-2018-2645
CVE-2018-2646
CVE-2018-2647
CVE-2018-2665
CVE-2018-2667
CVE-2018-2668
CVE-2018-2696
CVE-2018-2703