- Home
- CVEs with nessus.description==The version of MySQL running on the remote host is 5.5.x prior to
5.5.54. It is, therefore, affected by multiple vulnerabilities :
- An unspecified flaw exists in the Optimizer subcomponent
that allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3238)
- An unspecified flaw exists in the Charsets subcomponent
that allows an authenticated, remote attacker to cause
a denial of service condition. (CVE-2017-3243)
- An unspecified flaw exists in the DML subcomponent that
allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3244)
- An unspecified flaw exists in the DDL subcomponent that
allows an authenticated, remote attacker to cause a
denial of service condition. (CVE-2017-3258)
- An unspecified flaw exists in the Packaging subcomponent
that allows a local attacker to impact confidentiality
and availability. (CVE-2017-3265)
- Multiple unspecified flaws exist in the Packaging
subcomponent that allow a local attacker to gain
elevated privileges. (CVE-2017-3291, CVE-2017-3312)
- An unspecified flaw exists in the MyISAM subcomponent
that allows a local attacker to disclose sensitive
information. (CVE-2017-3313)
- An unspecified flaw exists in the Logging subcomponent
that allows a local attacker to cause a denial of
service condition. (CVE-2017-3317)
- An unspecified flaw exists in the Error Handling
subcomponent that allows a local attacker to disclose
sensitive information. (CVE-2017-3318)
- A local privilege escalation vulnerability exists in the
mysqld_safe component due to unsafe use of the 'rm' and
'chown' commands. A local attacker can exploit this to
gain elevated privileges.
- An unspecified flaw exists in the mysqld_safe component
that allows an authenticated, remote attacker to have an
unspecified impact.
- An overflow condition exists in the Optimizer component
due to improper validation of user-supplied input when
handling nested expressions. An authenticated, remote
attacker can exploit this to cause a stack-based buffer
overflow, resulting in a denial of service condition.
- An unspecified flaw exists when handling a CREATE TABLE
query with a DATA DIRECTORY clause. An authenticated,
remote attacker can exploit this to gain elevated
privileges.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top