CVE-2017-3461 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)
https://notcve.org/view.php?id=CVE-2017-3461
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts).
• http://www.debian.org/security/2017/dsa-3834
• http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
• http://www.securityfocus.com/bid/97812
• http://www.securitytracker.com/id/1038287
• https://access.redhat.com/errata/RHSA-2017:2787
• https://access.redhat.com/errata/RHSA-2017:2886
• https://access.redhat.com/security/cve/CVE-2017-3461
• https://bugzilla.redhat.com/show_bug.cgi?id=1443376
CVE-2017-3599 – MySQL < 5.6.35 / < 5.7.17 - Integer Overflow
https://notcve.org/view.php?id=CVE-2017-3599
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts).
• https://www.exploit-db.com/exploits/41954
• https://github.com/SECFORCE/CVE-2017-3599
• http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
• http://www.securityfocus.com/bid/97754
• http://www.securitytracker.com/id/1038287
• https://access.redhat.com/errata/RHSA-2017:2787
• https://access.redhat.com/errata/RHSA-2017:2886
• https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos
• https://access.redhat.com/security/cve/CVE-2017-3599
• https:/
• CWE-190: Integer Overflow or Wraparound
CVE-2017-3329
https://notcve.org/view.php?id=CVE-2017-3329
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts).
• http://www.debian.org/security/2017/dsa-3834
• http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
• http://www.securityfocus.com/bid/97763
• http://www.securitytracker.com/id/1038287
CVE-2017-3600 – mysql: Incorrect input validation allowing code execution via mysqldump
https://notcve.org/view.php?id=CVE-2017-3600
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483.
• http://rhn.redhat.com/errata/RHSA-2016-2927.html
• http://rhn.redhat.com/errata/RHSA-2016-2928.html
• http://www.debian.org/security/2017/dsa-3834
• http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
• http://www.securityfocus.com/bid/97765
• http://www.securitytracker.com/id/1038287
• https://access.redhat.com/errata/RHSA-2017:2192
• https://access.redhat.com/errata/RHSA-2017:2787
• https://access.redhat.com/errata/RHSA-2017:2886
• https://access.redhat.com/secur
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2017-3463 – mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2017)
https://notcve.org/view.php?id=CVE-2017-3463
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts).
• http://www.debian.org/security/2017/dsa-3834
• http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
• http://www.securityfocus.com/bid/97849
• http://www.securitytracker.com/id/1038287
• https://access.redhat.com/errata/RHSA-2017:2787
• https://access.redhat.com/errata/RHSA-2017:2886
• https://access.redhat.com/security/cve/CVE-2017-3463
• https://bugzilla.redhat.com/show_bug.cgi?id=1443378