VuXML: MySQL -- multiple vulnerabilities

VuXML ID	57aec168-453e-11e8-8777-b499baebfeaf
Discovery	2018-04-17
Entry	2018-04-21

Oracle reports:

MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges

A local user can exploit a flaw in the Replication component to gain elevated privileges [CVE-2018-2755].

A remote authenticated user can exploit a flaw in the GIS Extension component to cause denial of service conditions [CVE-2018-2805].

A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2782, CVE-2018-2784, CVE-2018-2819].

A remote authenticated user can exploit a flaw in the Security Privileges component to cause denial of service conditions [CVE-2018-2758, CVE-2018-2818].

A remote authenticated user can exploit a flaw in the DDL component to cause denial of service conditions [CVE-2018-2817].

A remote authenticated user can exploit a flaw in the Optimizer component to cause denial of service conditions [CVE-2018-2775, CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781, CVE-2018-2816].

A remote user can exploit a flaw in the Client programs component to cause denial of service conditions [CVE-2018-2761, CVE-2018-2773].

A remote authenticated user can exploit a flaw in the InnoDB component to partially modify data and cause denial of service conditions [CVE-2018-2786, CVE-2018-2787].

A remote authenticated user can exploit a flaw in the Optimizer component to partially modify data and cause denial of service conditions [CVE-2018-2812].

A local user can exploit a flaw in the Cluster ndbcluster/plugin component to cause denial of service conditions [CVE-2018-2877].

A remote authenticated user can exploit a flaw in the InnoDB component to cause denial of service conditions [CVE-2018-2759, CVE-2018-2766, CVE-2018-2777, CVE-2018-2810].

A remote authenticated user can exploit a flaw in the DML component to cause denial of service conditions [CVE-2018-2839].

A remote authenticated user can exploit a flaw in the Performance Schema component to cause denial of service conditions [CVE-2018-2846].

A remote authenticated user can exploit a flaw in the Pluggable Auth component to cause denial of service conditions [CVE-2018-2769].

A remote authenticated user can exploit a flaw in the Group Replication GCS component to cause denial of service conditions [CVE-2018-2776].

A local user can exploit a flaw in the Connection component to cause denial of service conditions [CVE-2018-2762].

A remote authenticated user can exploit a flaw in the Locking component to cause denial of service conditions [CVE-2018-2771].

A remote authenticated user can exploit a flaw in the DDL component to partially access data [CVE-2018-2813].

[source]

CVE Name	CVE-2018-2755
CVE Name	CVE-2018-2758
CVE Name	CVE-2018-2759
CVE Name	CVE-2018-2761
CVE Name	CVE-2018-2762
CVE Name	CVE-2018-2766
CVE Name	CVE-2018-2769
CVE Name	CVE-2018-2771
CVE Name	CVE-2018-2773
CVE Name	CVE-2018-2775
CVE Name	CVE-2018-2776
CVE Name	CVE-2018-2777
CVE Name	CVE-2018-2778
CVE Name	CVE-2018-2779
CVE Name	CVE-2018-2780
CVE Name	CVE-2018-2781
CVE Name	CVE-2018-2782
CVE Name	CVE-2018-2784
CVE Name	CVE-2018-2786
CVE Name	CVE-2018-2787
CVE Name	CVE-2018-2805
CVE Name	CVE-2018-2810
CVE Name	CVE-2018-2812
CVE Name	CVE-2018-2813
CVE Name	CVE-2018-2816
CVE Name	CVE-2018-2817
CVE Name	CVE-2018-2818
CVE Name	CVE-2018-2819
CVE Name	CVE-2018-2839
CVE Name	CVE-2018-2846
CVE Name	CVE-2018-2877
URL	http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

MySQL -- multiple vulnerabilities

Details

References