CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3457 – mysql: Server: DML unspecified vulnerability (CPU Apr 2017)
https://notcve.org/view.php?id=CVE-2017-3457
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97845 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/security/cve/CVE-2017-3457 https://bugzilla.redhat.com/show_bug.cgi?id=1443371 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-3450 – mysql: Server: Memcached unspecified vulnerability (CPU Apr 2017)
https://notcve.org/view.php?id=CVE-2017-3450
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97747 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/security/cve/CVE-2017-3450 https://bugzilla.redhat.com/show_bug.cgi?id=1443363 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3455 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)
https://notcve.org/view.php?id=CVE-2017-3455
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97820 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/security/cve/CVE-2017-3455 https://bugzilla.redhat.com/show_bug.cgi?id=1443368 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-3467 – mysql: Server: C API unspecified vulnerability (CPU Apr 2017)
https://notcve.org/view.php?id=CVE-2017-3467
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/97825 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2886 https://access.redhat.com/security/cve/CVE-2017-3467 https://bugzilla.redhat.com/show_bug.cgi?id=1443382 •
CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0CVE-2017-3302 – mysql: prepared statement handle use-after-free after disconnect
https://notcve.org/view.php?id=CVE-2017-3302
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. Caída en libmysqlclient.so en Oracle MySQL en versiones anteriores 5.6.21 y 5.7.x en versiones anteriores 5.7.5 y MariaDB hasta la versión 5.5.54, 10.0.x hasta la versión 10.0.29, 10.1.x hasta la versión 10.1.21 y 10.2.x hasta la versión 10.2.3. A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. • http://www.debian.org/security/2017/dsa-3809 http://www.debian.org/security/2017/dsa-3834 http://www.openwall.com/lists/oss-security/2017/02/11/11 http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html http://www.securityfocus.com/bid/96162 http://www.securitytracker.com/id/1038287 https://access.redhat.com/errata/RHSA-2017:2192 https://access.redhat.com/errata/RHSA-2017:2787 https://access.redhat.com/errata/RHSA-2018:0279 https://access.redhat.c • CWE-416: Use After Free •