3 results (0.002 seconds)

CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101439 http://www.securitytracker.com/id/1039597 https://security.netapp.com/advisory/ntap-20171019-0002 •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101324 http://www.securitytracker.com/id/1039597 https://security.netapp.com/advisory/ntap-20171019-0002 •

CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 1

MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate. MySQL Connector/NET anterior a v6.0.4, cuando se utiliza encriptación, no verificar los certificados SSL durante la conexión, lo cual permite a atacantes remotos llevar a cabo un ataque "man-in-the-middle" (hombre en el medio) con un certificado SSL falso. • http://bugs.mysql.com/bug.php?id=38700 http://secunia.com/advisories/35604 http://www.securityfocus.com/bid/35514 http://www.securitytracker.com/id?1022482 https://exchange.xforce.ibmcloud.com/vulnerabilities/51406 • CWE-20: Improper Input Validation •