Jan 16th, 2018
Oracle MySQL Risk Matrix

This Critical Patch Update contains 25 new security fixes for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.

CVSS VERSION 3.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2017-12617 | MySQL Enterprise Monitor | Monitoring: General (Apache Tomcat) | HTTPS (HTTP over TLS) | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 3.3.6.3293 and prior, 3.4.4.4226 and prior, 4.0.0.5135 and prior | |
| CVE-2018-2585 | MySQL Connectors | Connector/Net | MySQL Protocol | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 6.9.9 and prior, 6.10.4 and prior | |
| CVE-2018-2696 | MySQL Server | Server : Security : Privileges | MySQL Protocol | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2562 | MySQL Server | Server : Partition | MySQL Protocol | No | 7.1 | Network | Low | Low | None | Unchanged | None | Low | High | 5.5.58 and prior, 5.6.38 and prior, 5.7.19 and prior | |
| CVE-2018-2583 | MySQL Server | Stored Procedure | MySQL Protocol | No | 6.8 | Network | Low | High | None | Changed | None | None | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2612 | MySQL Server | InnoDB | MySQL Protocol | No | 6.5 | Network | Low | High | None | Unchanged | None | High | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2703 | MySQL Server | Server : Security : Privileges | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2622 | MySQL Server | Server: DDL | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2573 | MySQL Server | Server: GIS | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2640 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2665 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2668 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2017-3736 | MySQL Connectors | Connector/ODBC (OpenSSL) | MySQL Protocol | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 5.3.9 and prior | |
| CVE-2017-3736 | MySQL Enterprise Monitor | Monitoring: General (OpenSSL) | HTTPS (HTTP over TLS) | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 3.3.6.3293 and prior, 3.4.4.4226 and prior, 4.0.0.5135 and prior | |
| CVE-2017-3737 | MySQL Server | Server: Packaging (OpenSSL) | MySQL Protocol | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2647 | MySQL Server | Server: Replication | MySQL Protocol | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2591 | MySQL Server | Server : Partition | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.6.38 and prior, 5.7.19 and prior | |
| CVE-2018-2576 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2586 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2646 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2565 | MySQL Server | Server: InnoDB | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2600 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2667 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2590 | MySQL Server | Server: Performance Schema | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2645 | MySQL Server | Server: Performance Schema | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | High | None | None | 5.6.38 and prior, 5.7.20 and prior | |

Additional CVEs addressed are below:

The fix for CVE-2017-3736 also addresses CVE-2017-3735.
The fix for CVE-2017-3737 also addresses CVE-2017-3738.