Skip to main content

Mysql Cluster CVE-2018-2877

MEDIUM
2018-04-19 secalert_us@oracle.com
5.0
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 19, 2018 - 02:29 nvd
MEDIUM 5.0

DescriptionNVD

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin). Supported versions that are affected are 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior and 7.5.5 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).

AnalysisAI

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin). Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Technical ContextAI

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin). Supported versions that are affected are 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior and 7.5.5 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H). Affected products include: Oracle Mysql Cluster.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-22931 CRITICAL POC
9.8 Aug 16

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to miss

CVE-2020-8174 HIGH POC
8.1 Jul 24

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. Rated high

CVE-2021-22884 HIGH POC
7.5 Mar 03

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “

CVE-2020-8172 HIGH POC
7.4 Jun 08

TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. Rated high se

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2021-22939 MEDIUM POC
5.3 Aug 16

If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no e

CVE-2022-21824 HIGH
8.2 Feb 24

Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passe

CVE-2026-46863 HIGH
7.5 Jun 16

Remote unauthenticated denial-of-service in Oracle MySQL Server and MySQL Cluster (8.0.x, 8.4.x, and 9.0.0-9.7.0) allows

CVE-2021-22883 HIGH
7.5 Mar 03

Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connecti

CVE-2020-8277 HIGH
7.5 Nov 19

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial

CVE-2025-21574 MEDIUM
6.5 Apr 15

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5),

CVE-2025-21575 MEDIUM
6.5 Apr 15

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5),

Share

CVE-2018-2877 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy