CVE-2018-2576 – mysql: Server: DML unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2576
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102695 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://security.netapp.com/advisory/ntap-20180117-0002 https://usn.ubuntu.com/3537-1 https://access.redhat.com/security/cve/CVE-2018-2576 https://bugzilla.redhat.com/show_bug.cgi?id=1535488 •
CVE-2018-2647 – mysql: Server: Replication unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2647
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102711 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://security.netapp.com/advisory/ntap-20180117-0002 https://usn.ubuntu.com/3537-1 https://access.redhat.com/security/cve/CVE-2018-2647 https://bugzilla.redhat.com/show_bug.cgi?id=1535503 •
CVE-2018-2622 – mysql: Server: DDL unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2622
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102706 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://access.redhat.com/errata/RHSA-2018:2439 https://access.redhat.com/errata/RHSA-2018:2729 https://access.redhat.com/errata/RHSA-2019:1258 https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html https://lists. •
CVE-2018-2590 – mysql: Server: Performance Schema unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2590
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102697 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://security.netapp.com/advisory/ntap-20180117-0002 https://usn.ubuntu.com/3537-1 https://access.redhat.com/security/cve/CVE-2018-2590 https://bugzilla.redhat.com/show_bug.cgi?id=1535492 •
CVE-2018-2703 – mysql: sha256_password authentication DoS via hash with large rounds value
https://notcve.org/view.php?id=CVE-2018-2703
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102704 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://security.netapp.com/advisory/ntap-20180117-0002 https://usn.ubuntu.com/3537-1 https://access.redhat.com/security/cve/CVE-2018-2703 https://bugzilla.redhat.com/show_bug.cgi?id=1534139 • CWE-770: Allocation of Resources Without Limits or Throttling •