CVEs with nessus.description == The version of MySQL running on the remote host is 5.6.x prior to 5.6.36. It is, therefore, affected by multiple vulnerabilities:

- A carry propagation error exists in the OpenSSL component in the Broadwell-specific Montgomery multiplication procedure when handling input lengths divisible by but longer than 256 bits. This can result in transient authentication and key negotiation failures or reproducible erroneous outcomes of public-key operations with specially crafted input. A man-in-the-middle attacker can possibly exploit this issue to compromise ECDH key negotiations that utilize Brainpool P-512 curves. (CVE-2016-7055)
- An authentication information disclosure vulnerability, known as Riddle, exists due to authentication being performed prior to security parameter verification. A man-in-the-middle (MitM) attacker can exploit this vulnerability to disclose sensitive authentication information, which the attacker can later use for authenticating to the server. (CVE-2017-3305)
- Multiple unspecified flaws exist in the DML subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3308, CVE-2017-3456)
- Multiple unspecified flaws exist in the Optimizer subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3309, CVE-2017-3452, CVE-2017-3453)
- An unspecified flaw exists in the Thread Pooling subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3329)
- An unspecified flaw exists in the Memcached subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3450)
- Multiple unspecified flaws exist in the 'Security: Privileges' subcomponent that allow an authenticated, remote attacker to cause a denial of service condition. (CVE-2017-3461, CVE-2017-3462, CVE-2017-3463)
- An unspecified flaw exists in the DDL subcomponent that allows an authenticated, remote attacker to update, insert, or delete data contained in the database. (CVE-2017-3464)
- An unspecified flaw exists in the Pluggable Auth subcomponent that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3599)
- An unspecified flaw exists in the 'Client mysqldump' subcomponent that allows an authenticated, remote attacker to execute arbitrary code. (CVE-2017-3600)
- An out-of-bounds read error exists in the OpenSSL component when handling packets using the CHACHA20/POLY1305 or RC4-MD5 ciphers. An unauthenticated, remote attacker can exploit this, via specially crafted truncated packets, to cause a denial of service condition. (CVE-2017-3731)
- A carry propagating error exists in the OpenSSL component in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys. (CVE-2017-3732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |