CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
70.9%
Oracle reports:
MySQL Multiple Flaws Let Remote Authenticated Users Access and
Modify Data, Remote and Local Users Deny Service, and Local Users
Access Data and Gain Elevated Privileges
A local user can exploit a flaw in the Replication component
to gain elevated privileges [CVE-2018-2755].
A remote authenticated user can exploit a flaw in the GIS
Extension component to cause denial of service conditions
[CVE-2018-2805].
A remote authenticated user can exploit a flaw in the InnoDB
component to cause denial of service conditions [CVE-2018-2782,
CVE-2018-2784, CVE-2018-2819].
A remote authenticated user can exploit a flaw in the Security
Privileges component to cause denial of service conditions
[CVE-2018-2758, CVE-2018-2818].
A remote authenticated user can exploit a flaw in the DDL
component to cause denial of service conditions
[CVE-2018-2817].
A remote authenticated user can exploit a flaw in the Optimizer
component to cause denial of service conditions [CVE-2018-2775,
CVE-2018-2778, CVE-2018-2779, CVE-2018-2780, CVE-2018-2781,
CVE-2018-2816].
A remote user can exploit a flaw in the Client programs
component to cause denial of service conditions [CVE-2018-2761,
CVE-2018-2773].
A remote authenticated user can exploit a flaw in the InnoDB
component to partially modify data and cause denial of service
conditions [CVE-2018-2786, CVE-2018-2787].
A remote authenticated user can exploit a flaw in the Optimizer
component to partially modify data and cause denial of service
conditions [CVE-2018-2812].
A local user can exploit a flaw in the Cluster ndbcluster/plugin
component to cause denial of service conditions [CVE-2018-2877].
A remote authenticated user can exploit a flaw in the InnoDB
component to cause denial of service conditions [CVE-2018-2759,
CVE-2018-2766, CVE-2018-2777, CVE-2018-2810].
A remote authenticated user can exploit a flaw in the DML
component to cause denial of service conditions [CVE-2018-2839].
A remote authenticated user can exploit a flaw in the
Performance Schema component to cause denial of service conditions
[CVE-2018-2846].
A remote authenticated user can exploit a flaw in the Pluggable
Auth component to cause denial of service conditions
[CVE-2018-2769].
A remote authenticated user can exploit a flaw in the Group
Replication GCS component to cause denial of service conditions
[CVE-2018-2776].
A local user can exploit a flaw in the Connection component to
cause denial of service conditions [CVE-2018-2762].
A remote authenticated user can exploit a flaw in the Locking
component to cause denial of service conditions [CVE-2018-2771].
A remote authenticated user can exploit a flaw in the DDL
component to partially access data [CVE-2018-2813].
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | mariadb55-server | < 5.5.60 | UNKNOWN |
FreeBSD | any | noarch | mariadb100-server | < 10.0.35 | UNKNOWN |
FreeBSD | any | noarch | mariadb101-server | < 10.1.33 | UNKNOWN |
FreeBSD | any | noarch | mariadb102-server | < 10.2.15 | UNKNOWN |
FreeBSD | any | noarch | mysql55-server | < 5.5.60 | UNKNOWN |
FreeBSD | any | noarch | mysql56-server | < 5.6.40 | UNKNOWN |
FreeBSD | any | noarch | mysql57-server | < 5.7.22 | UNKNOWN |
FreeBSD | any | noarch | percona55-server | < 5.5.60 | UNKNOWN |
FreeBSD | any | noarch | percona56-server | < 5.6.40 | UNKNOWN |
FreeBSD | any | noarch | percona57-server | < 5.7.22 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:N/I:N/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS
Percentile
70.9%