- Oracle MySQL Risk Matrix
- This Critical Patch Update contains 25 new security fixes for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.

The columns Base Score through Availability are the CVSS Version 3.0 Risk (see Risk Matrix Definitions).

| CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2017-12617 | MySQL Enterprise Monitor | Monitoring: General (Apache Tomcat) | HTTPS (HTTP over TLS) | Yes | 8.1 | Network | High | None | None | Unchanged | High | High | High | 3.3.6.3293 and prior, 3.4.4.4226 and prior, 4.0.0.5135 and prior | |
| CVE-2018-2585 | MySQL Connectors | Connector/Net | MySQL Protocol | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 6.9.9 and prior, 6.10.4 and prior | |
| CVE-2018-2696 | MySQL Server | Server : Security : Privileges | MySQL Protocol | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2562 | MySQL Server | Server : Partition | MySQL Protocol | No | 7.1 | Network | Low | Low | None | Unchanged | None | Low | High | 5.5.58 and prior, 5.6.38 and prior, 5.7.19 and prior | |
| CVE-2018-2583 | MySQL Server | Stored Procedure | MySQL Protocol | No | 6.8 | Network | Low | High | None | Changed | None | None | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2612 | MySQL Server | InnoDB | MySQL Protocol | No | 6.5 | Network | Low | High | None | Unchanged | None | High | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2703 | MySQL Server | Server : Security : Privileges | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2622 | MySQL Server | Server: DDL | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2573 | MySQL Server | Server: GIS | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2640 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2665 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2668 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.58 and prior, 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2017-3736 | MySQL Connectors | Connector/ODBC (OpenSSL) | MySQL Protocol | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 5.3.9 and prior | |
| CVE-2017-3736 | MySQL Enterprise Monitor | Monitoring: General (OpenSSL) | HTTPS (HTTP over TLS) | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 3.3.6.3293 and prior, 3.4.4.4226 and prior, 4.0.0.5135 and prior | |
| CVE-2017-3737 | MySQL Server | Server: Packaging (OpenSSL) | MySQL Protocol | Yes | 5.9 | Network | High | None | None | Unchanged | High | None | None | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2647 | MySQL Server | Server: Replication | MySQL Protocol | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2591 | MySQL Server | Server : Partition | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.6.38 and prior, 5.7.19 and prior | |
| CVE-2018-2576 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2586 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2646 | MySQL Server | Server: DML | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2565 | MySQL Server | Server: InnoDB | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2600 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2667 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.20 and prior | |
| CVE-2018-2590 | MySQL Server | Server: Performance Schema | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.6.38 and prior, 5.7.20 and prior | |
| CVE-2018-2645 | MySQL Server | Server: Performance Schema | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | High | None | None | 5.6.38 and prior, 5.7.20 and prior | |

- Additional CVEs addressed are below:
- The fix for CVE-2017-3736 also addresses CVE-2017-3735.
- The fix for CVE-2017-3737 also addresses CVE-2017-3738.