CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2017-3453 – mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2017)
https://notcve.org/view.php?id=CVE-2017-3453
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.debian.org/security/2017/dsa-3834 http://www.debian.org/security/2017/dsa-3944 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97776 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA& •
CVSS: 7.7EPSS: 0%CPEs: 20EXPL: 0CVE-2017-3308 – mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
https://notcve.org/view.php?id=CVE-2017-3308
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. • http://www.debian.org/security/2017/dsa-3834 http://www.debian.org/security/2017/dsa-3944 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97725 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA& •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2017-3464 – mysql: Server: DDL unspecified vulnerability (CPU Apr 2017)
https://notcve.org/view.php?id=CVE-2017-3464
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). • http://www.debian.org/security/2017/dsa-3834 http://www.debian.org/security/2017/dsa-3944 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97818 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.com/errata/RHSA& •
CVSS: 3.1EPSS: 0%CPEs: 24EXPL: 0CVE-2017-3539 – OpenJDK: MD5 allowed for jar verification (Security, 8171121)
https://notcve.org/view.php?id=CVE-2017-3539
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. • http://www.debian.org/security/2017/dsa-3858 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97752 http://www.securitytracker.com/id/1038286 https://access.redhat.com/errata/RHSA-2017:1108 https://access.redhat.com/errata/RHSA-2017:1109 https://access.redhat.com/errata/RHSA-2017:1117 https://access.redhat.com/errata/RHSA-2017:1118 https://access.redhat.com/errata/RHSA-2017:1119 https://access.redhat.com/errata/RHS • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2017-3544 – OpenJDK: newline injection in the SMTP client (Networking, 8171533)
https://notcve.org/view.php?id=CVE-2017-3544
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. • http://www.debian.org/security/2017/dsa-3858 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97745 http://www.securitytracker.com/id/1038286 https://access.redhat.com/errata/RHSA-2017:1108 https://access.redhat.com/errata/RHSA-2017:1109 https://access.redhat.com/errata/RHSA-2017:1117 https://access.redhat.com/errata/RHSA-2017:1118 https://access.redhat.com/errata/RHSA-2017:1119 https://access.redhat.com/errata/RHS • CWE-20: Improper Input Validation •