CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2696 – mysql: sha256_password authentication DoS via long password
https://notcve.org/view.php?id=CVE-2018-2696
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102701 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://security.netapp.com/advisory/ntap-20180117-0002 https://usn.ubuntu.com/3537-1 https://access.redhat.com/security/cve/CVE-2018-2696 https://bugzilla.redhat.com/show_bug.cgi?id=1509475 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2600 – mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2600
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102696 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://security.netapp.com/advisory/ntap-20180117-0002 https://usn.ubuntu.com/3537-1 https://access.redhat.com/security/cve/CVE-2018-2600 https://bugzilla.redhat.com/show_bug.cgi?id=1535496 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2583 – mysql: Stored Procedure unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2583
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102708 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://security.netapp.com/advisory/ntap-20180117-0002 https://usn.ubuntu.com/3537-1 https://access.redhat.com/security/cve/CVE-2018-2583 https://bugzilla.redhat.com/show_bug.cgi?id=1535490 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2646 – mysql: Server: DML unspecified vulnerability (CPU Jan 2018)
https://notcve.org/view.php?id=CVE-2018-2646
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102703 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://security.netapp.com/advisory/ntap-20180117-0002 https://usn.ubuntu.com/3537-1 https://access.redhat.com/security/cve/CVE-2018-2646 https://bugzilla.redhat.com/show_bug.cgi?id=1535502 •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2703 – mysql: sha256_password authentication DoS via hash with large rounds value
https://notcve.org/view.php?id=CVE-2018-2703
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102704 http://www.securitytracker.com/id/1040216 https://access.redhat.com/errata/RHSA-2018:0586 https://access.redhat.com/errata/RHSA-2018:0587 https://security.netapp.com/advisory/ntap-20180117-0002 https://usn.ubuntu.com/3537-1 https://access.redhat.com/security/cve/CVE-2018-2703 https://bugzilla.redhat.com/show_bug.cgi?id=1534139 • CWE-770: Allocation of Resources Without Limits or Throttling •