CVSS: 4.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-2773 – mysql: pid file can be created in a world-writeable directory (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2773
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103811 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:1254 https://access.redhat.com/errata/RHSA-2018:3655 https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html https://security.netapp.com/advisory/ntap-20180419-0002 https://usn.ubuntu.com/3629-1 https://usn.ubuntu.com/3629-2 https://usn.ubuntu.com/3629-3 https:&#x •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2018-2813 – mysql: Server: DDL unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2813
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103830 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:1254 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2018:3655 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html https://lists. •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2018-2816 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2816
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103789 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:3655 https://security.netapp.com/advisory/ntap-20180419-0002 https://usn.ubuntu.com/3629-1 https://usn.ubuntu.com/3629-3 https://access.redhat.com/security/cve/CVE-2018-2816 https://bugzilla.redhat.com/show_bug.cgi?id=1568953 •
CVSS: 4.9EPSS: 0%CPEs: 16EXPL: 0CVE-2018-2818 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2018)
https://notcve.org/view.php?id=CVE-2018-2818
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103824 http://www.securitytracker.com/id/1040698 https://access.redhat.com/errata/RHSA-2018:1254 https://access.redhat.com/errata/RHSA-2018:3655 https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html https://security.netapp.com/advisory/ntap-20180419-0002 https://usn.ubuntu.com/3629-1 https://usn.ubuntu.com/3629-2 https://usn.ubuntu.com/3629-3 https:&#x •
CVSS: 3.1EPSS: 0%CPEs: 28EXPL: 0CVE-2018-2790 – OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969)
https://notcve.org/view.php?id=CVE-2018-2790
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103877 http://www.securitytracker.com/id/1040697 https://access.redhat.com/errata/RHSA-2018:1188 https://access.redhat.com/errata/RHSA-2018:1191 https://access.redhat.com/errata/RHSA-2018:1201 https://access.redhat.com/errata/RHSA-2018:1202 https://access.redhat.com/errata/RHSA-2018:1203 https://access.redhat.com/errata/RHSA-2018:1204 https://access.redhat.com/errata/ • CWE-347: Improper Verification of Cryptographic Signature •