From 12ae60c6f2012d48d7aaa8571db68bc340eaf9d5 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 2 May 2020 15:56:26 +0200 Subject: [PATCH] local commit --- .travis.yml | 376 +- USAGE.md | 306 +- Vagrant/Vagrantfile_for_MariaDB10-0 | 228 +- Vagrant/Vagrantfile_for_MariaDB10-2 | 214 +- Vagrant/Vagrantfile_for_MariaDB10-3 | 212 +- build/updateCVElist.pl | 158 +- mysqltuner.pl | 13232 +++++++++++++------------- vulnerabilities.csv | 1738 ++-- 8 files changed, 8232 insertions(+), 8232 deletions(-) diff --git a/.travis.yml b/.travis.yml index def1fcf..ad71a21 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,188 +1,188 @@ -sudo: false - -language: perl - -matrix: - include: - - addons: - mariadb: "5.5" - name: "MariaDB 5.5/Perl 5.24" - perl: "5.24" - - addons: - mariadb: "10.0" - name: "MariaDB 10.0/Perl 5.24" - perl: "5.24" - - addons: - mariadb: "10.1" - name: "MariaDB 10.1/Perl 5.24" - perl: "5.24" - - addons: - mariadb: "10.2" - name: "MariaDB 10.2/Perl 5.24" - perl: "5.24" - - addons: - mariadb: "10.3" - name: "MariaDB 10.3/Perl 5.24" - perl: "5.24" - - addons: - mariadb: "10.4" - name: "MariaDB 10.4/Perl 5.24" - perl: "5.24" - - addons: - mysql: "5.5" - name: "MySQL 5.5/Perl 5.24" - perl: "5.24" - - addons: - mysql: "5.6" - name: "MySQL 5.6/Perl 5.24" - perl: "5.24" - - addons: - apt: - sources: - - mysql-5.7-trusty - packages: - - mysql-server - - mysql-client - name: "MySQL 5.7/Perl 5.24" - perl: "5.24" - - addons: - apt: - sources: - - mysql-8.0-trusty - packages: - - mysql-server - - mysql-client - name: "MySQL 8/Perl 5.24" - perl: "5.24" - - - addons: - mariadb: "5.5" - name: "MariaDB 5.5/Perl 5.16" - perl: "5.16" - - addons: - mariadb: "10.0" - name: "MariaDB 10.0/Perl 5.16" - perl: "5.16" - - addons: - mariadb: "10.1" - name: "MariaDB 10.1/Perl 5.16" - perl: "5.16" - - addons: - mariadb: "10.2" - name: "MariaDB 10.2/Perl 5.16" - perl: "5.16" - - addons: - mariadb: "10.3" - name: "MariaDB 10.3/Perl 5.16" - perl: "5.16" - - addons: - mariadb: "10.4" - name: "MariaDB 10.4/Perl 5.16" - perl: "5.16" - - addons: - mysql: "5.5" - name: "MySQL 5.5/Perl 5.16" - perl: "5.16" - - addons: - mysql: "5.6" - name: "MySQL 5.6/Perl 5.16" - perl: "5.16" - - addons: - apt: - sources: - - mysql-5.7-trusty - packages: - - mysql-server - - mysql-client - name: "MySQL 5.7/Perl 5.16" - perl: "5.16" - - addons: - apt: - sources: - - mysql-8.0-trusty - packages: - - mysql-server - - mysql-client - name: "MySQL 8/Perl 5.16" - perl: "5.16" - - - addons: - mariadb: "5.5" - name: "MariaDB 5.5/Perl 5.10" - perl: "5.10" - - addons: - mariadb: "10.0" - name: "MariaDB 10.0/Perl 5.10" - perl: "5.10" - - addons: - mariadb: "10.1" - name: "MariaDB 10.1/Perl 5.10" - perl: "5.10" - - addons: - mariadb: "10.2" - name: "MariaDB 10.2/Perl 5.10" - perl: "5.10" - - addons: - mariadb: "10.3" - name: "MariaDB 10.3/Perl 5.10" - perl: "5.10" - - addons: - mariadb: "10.4" - name: "MariaDB 10.4/Perl 5.10" - perl: "5.10" - - addons: - mysql: "5.5" - name: "MySQL 5.5/Perl 5.10" - perl: "5.10" - - addons: - mysql: "5.6" - name: "MySQL 5.6/Perl 5.10" - perl: "5.10" - - addons: - apt: - sources: - - mysql-5.7-trusty - packages: - - mysql-server - - mysql-client - name: "MySQL 5.7/Perl 5.10" - perl: "5.10" - - addons: - apt: - sources: - - mysql-8.0-trusty - packages: - - mysql-server - - mysql-client - name: "MySQL 8/Perl 5.10" - perl: "5.10" - -before_install: - - git clone git://github.com/haarg/perl-travis-helper - - source perl-travis-helper/init - - build-perl - - perl -V - -install: - - cpanm --quiet --notest Data::Dumper - - cpanm --quiet --notest JSON - - cpanm --quiet --notest Perl::Critic - - cpanm --quiet --notest Text::Template - -before_script: - - echo -e "[client]\nuser=root\npassword=\"\"" > .my.cnf - - chmod 600 .my.cnf - - git clone https://github.com/datacharmer/test_db.git - - cd test_db - - cat employees.sql | grep -v 'storage_engine' | mysql - - cd .. - -script: - - perlcritic --exclude InputOutput::ProhibitInteractiveTest mysqltuner.pl - - ./mysqltuner.pl --verbose --tbstat 2>stderr.txt | tee -a "stdout.txt" - -after_script: - - echo "Standard Output: $(cat stdout.txt)" - - echo "Standard Error : $(cat stderr.txt)" - - [ "0" = "$(wl -l stderr.txt)" ] || exit 2 - +sudo: false + +language: perl + +matrix: + include: + - addons: + mariadb: "5.5" + name: "MariaDB 5.5/Perl 5.24" + perl: "5.24" + - addons: + mariadb: "10.0" + name: "MariaDB 10.0/Perl 5.24" + perl: "5.24" + - addons: + mariadb: "10.1" + name: "MariaDB 10.1/Perl 5.24" + perl: "5.24" + - addons: + mariadb: "10.2" + name: "MariaDB 10.2/Perl 5.24" + perl: "5.24" + - addons: + mariadb: "10.3" + name: "MariaDB 10.3/Perl 5.24" + perl: "5.24" + - addons: + mariadb: "10.4" + name: "MariaDB 10.4/Perl 5.24" + perl: "5.24" + - addons: + mysql: "5.5" + name: "MySQL 5.5/Perl 5.24" + perl: "5.24" + - addons: + mysql: "5.6" + name: "MySQL 5.6/Perl 5.24" + perl: "5.24" + - addons: + apt: + sources: + - mysql-5.7-trusty + packages: + - mysql-server + - mysql-client + name: "MySQL 5.7/Perl 5.24" + perl: "5.24" + - addons: + apt: + sources: + - mysql-8.0-trusty + packages: + - mysql-server + - mysql-client + name: "MySQL 8/Perl 5.24" + perl: "5.24" + + - addons: + mariadb: "5.5" + name: "MariaDB 5.5/Perl 5.16" + perl: "5.16" + - addons: + mariadb: "10.0" + name: "MariaDB 10.0/Perl 5.16" + perl: "5.16" + - addons: + mariadb: "10.1" + name: "MariaDB 10.1/Perl 5.16" + perl: "5.16" + - addons: + mariadb: "10.2" + name: "MariaDB 10.2/Perl 5.16" + perl: "5.16" + - addons: + mariadb: "10.3" + name: "MariaDB 10.3/Perl 5.16" + perl: "5.16" + - addons: + mariadb: "10.4" + name: "MariaDB 10.4/Perl 5.16" + perl: "5.16" + - addons: + mysql: "5.5" + name: "MySQL 5.5/Perl 5.16" + perl: "5.16" + - addons: + mysql: "5.6" + name: "MySQL 5.6/Perl 5.16" + perl: "5.16" + - addons: + apt: + sources: + - mysql-5.7-trusty + packages: + - mysql-server + - mysql-client + name: "MySQL 5.7/Perl 5.16" + perl: "5.16" + - addons: + apt: + sources: + - mysql-8.0-trusty + packages: + - mysql-server + - mysql-client + name: "MySQL 8/Perl 5.16" + perl: "5.16" + + - addons: + mariadb: "5.5" + name: "MariaDB 5.5/Perl 5.10" + perl: "5.10" + - addons: + mariadb: "10.0" + name: "MariaDB 10.0/Perl 5.10" + perl: "5.10" + - addons: + mariadb: "10.1" + name: "MariaDB 10.1/Perl 5.10" + perl: "5.10" + - addons: + mariadb: "10.2" + name: "MariaDB 10.2/Perl 5.10" + perl: "5.10" + - addons: + mariadb: "10.3" + name: "MariaDB 10.3/Perl 5.10" + perl: "5.10" + - addons: + mariadb: "10.4" + name: "MariaDB 10.4/Perl 5.10" + perl: "5.10" + - addons: + mysql: "5.5" + name: "MySQL 5.5/Perl 5.10" + perl: "5.10" + - addons: + mysql: "5.6" + name: "MySQL 5.6/Perl 5.10" + perl: "5.10" + - addons: + apt: + sources: + - mysql-5.7-trusty + packages: + - mysql-server + - mysql-client + name: "MySQL 5.7/Perl 5.10" + perl: "5.10" + - addons: + apt: + sources: + - mysql-8.0-trusty + packages: + - mysql-server + - mysql-client + name: "MySQL 8/Perl 5.10" + perl: "5.10" + +before_install: + - git clone git://github.com/haarg/perl-travis-helper + - source perl-travis-helper/init + - build-perl + - perl -V + +install: + - cpanm --quiet --notest Data::Dumper + - cpanm --quiet --notest JSON + - cpanm --quiet --notest Perl::Critic + - cpanm --quiet --notest Text::Template + +before_script: + - echo -e "[client]\nuser=root\npassword=\"\"" > .my.cnf + - chmod 600 .my.cnf + - git clone https://github.com/datacharmer/test_db.git + - cd test_db + - cat employees.sql | grep -v 'storage_engine' | mysql + - cd .. + +script: + - perlcritic --exclude InputOutput::ProhibitInteractiveTest mysqltuner.pl + - ./mysqltuner.pl --verbose --tbstat 2>stderr.txt | tee -a "stdout.txt" + +after_script: + - echo "Standard Output: $(cat stdout.txt)" + - echo "Standard Error : $(cat stderr.txt)" + - [ "0" = "$(wl -l stderr.txt)" ] || exit 2 + diff --git a/USAGE.md b/USAGE.md index f894e19..18f3c22 100644 --- a/USAGE.md +++ b/USAGE.md @@ -1,153 +1,153 @@ -# NAME - - MySQLTuner 1.7.15 - MySQL High Performance Tuning Script - -# IMPORTANT USAGE GUIDELINES - -To run the script with the default options, run the script without arguments -Allow MySQL server to run for at least 24-48 hours before trusting suggestions -Some routines may require root level privileges (script will provide warnings) -You must provide the remote server's total memory when connecting to other servers - -# CONNECTION AND AUTHENTICATION - - --host Connect to a remote host to perform tests (default: localhost) - --socket Use a different socket for a local connection - --port Port to use for connection (default: 3306) - --user Username to use for authentication - --userenv Name of env variable which contains username to use for authentication - --pass Password to use for authentication - --passenv Name of env variable which contains password to use for authentication - --ssl-ca Path to public key - --mysqladmin Path to a custom mysqladmin executable - --mysqlcmd Path to a custom mysql executable - --defaults-file Path to a custom .my.cnf - -# PERFORMANCE AND REPORTING OPTIONS - - --skipsize Don't enumerate tables and their types/sizes (default: on) - (Recommended for servers with many tables) - --skippassword Don't perform checks on user passwords(default: off) - --checkversion Check for updates to MySQLTuner (default: don't check) - --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check) - --forcemem Amount of RAM installed in megabytes - --forceswap Amount of swap memory configured in megabytes - --passwordfile Path to a password file list(one password by line) - -# OUTPUT OPTIONS - - --silent Don't output anything on screen - --nogood Remove OK responses - --nobad Remove negative/suggestion responses - --noinfo Remove informational responses - --debug Print debug information - --noprocess Consider no other process is running - --dbstat Print database information - --nodbstat Don't Print database information - --tbstat Print table information - --notbstat Don't Print table information - --idxstat Print index information - --noidxstat Don't Print index information - --sysstat Print system information - --nosysstat Don't Print system information - --pfstat Print Performance schema - --nopfstat Don't Print Performance schema - --verbose Prints out all options (default: no verbose, dbstat, idxstat, sysstat, tbstat, pfstat) - --bannedports Ports banned separated by comma(,) - --maxportallowed Number of ports opened allowed on this hosts - --cvefile CVE File for vulnerability checks - --nocolor Don't print output in color - --json Print result as JSON string - --buffers Print global and per-thread buffer values - --outputfile Path to a output txt file - --reportfile Path to a report txt file - --template Path to a template file - -# PERLDOC - -You can find documentation for this module with the perldoc command. - - perldoc mysqltuner - -## INTERNALS - -[https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md) - - Internal documentation - -# AUTHORS - -Major Hayden - major@mhtx.net - -# CONTRIBUTORS - -- Matthew Montgomery -- Paul Kehrer -- Dave Burgess -- Jonathan Hinds -- Mike Jackson -- Nils Breunese -- Shawn Ashlee -- Luuk Vosslamber -- Ville Skytta -- Trent Hornibrook -- Jason Gill -- Mark Imbriaco -- Greg Eden -- Aubin Galinotti -- Giovanni Bechis -- Bill Bradford -- Ryan Novosielski -- Michael Scheidell -- Blair Christensen -- Hans du Plooy -- Victor Trac -- Everett Barnes -- Tom Krouper -- Gary Barrueto -- Simon Greenaway -- Adam Stein -- Isart Montane -- Baptiste M. -- Cole Turner -- Major Hayden -- Joe Ashcraft -- Jean-Marie Renouard -- Stephan GroBberndt -- Christian Loos - -# SUPPORT - -Bug reports, feature requests, and downloads at http://mysqltuner.com/ - -Bug tracker can be found at https://github.com/major/MySQLTuner-perl/issues - -Maintained by Major Hayden (major\\@mhtx.net) - Licensed under GPL - -# SOURCE CODE - -[https://github.com/major/MySQLTuner-perl](https://github.com/major/MySQLTuner-perl) - - git clone https://github.com/major/MySQLTuner-perl.git - -# COPYRIGHT AND LICENSE - -Copyright (C) 2006-2018 Major Hayden - major@mhtx.net - -For the latest updates, please visit http://mysqltuner.com/ - -Git repository available at https://github.com/major/MySQLTuner-perl - -This program is free software: you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - See the GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see <https://www.gnu.org/licenses/>. +# NAME + + MySQLTuner 1.7.15 - MySQL High Performance Tuning Script + +# IMPORTANT USAGE GUIDELINES + +To run the script with the default options, run the script without arguments +Allow MySQL server to run for at least 24-48 hours before trusting suggestions +Some routines may require root level privileges (script will provide warnings) +You must provide the remote server's total memory when connecting to other servers + +# CONNECTION AND AUTHENTICATION + + --host Connect to a remote host to perform tests (default: localhost) + --socket Use a different socket for a local connection + --port Port to use for connection (default: 3306) + --user Username to use for authentication + --userenv Name of env variable which contains username to use for authentication + --pass Password to use for authentication + --passenv Name of env variable which contains password to use for authentication + --ssl-ca Path to public key + --mysqladmin Path to a custom mysqladmin executable + --mysqlcmd Path to a custom mysql executable + --defaults-file Path to a custom .my.cnf + +# PERFORMANCE AND REPORTING OPTIONS + + --skipsize Don't enumerate tables and their types/sizes (default: on) + (Recommended for servers with many tables) + --skippassword Don't perform checks on user passwords(default: off) + --checkversion Check for updates to MySQLTuner (default: don't check) + --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check) + --forcemem Amount of RAM installed in megabytes + --forceswap Amount of swap memory configured in megabytes + --passwordfile Path to a password file list(one password by line) + +# OUTPUT OPTIONS + + --silent Don't output anything on screen + --nogood Remove OK responses + --nobad Remove negative/suggestion responses + --noinfo Remove informational responses + --debug Print debug information + --noprocess Consider no other process is running + --dbstat Print database information + --nodbstat Don't Print database information + --tbstat Print table information + --notbstat Don't Print table information + --idxstat Print index information + --noidxstat Don't Print index information + --sysstat Print system information + --nosysstat Don't Print system information + --pfstat Print Performance schema + --nopfstat Don't Print Performance schema + --verbose Prints out all options (default: no verbose, dbstat, idxstat, sysstat, tbstat, pfstat) + --bannedports Ports banned separated by comma(,) + --maxportallowed Number of ports opened allowed on this hosts + --cvefile CVE File for vulnerability checks + --nocolor Don't print output in color + --json Print result as JSON string + --buffers Print global and per-thread buffer values + --outputfile Path to a output txt file + --reportfile Path to a report txt file + --template Path to a template file + +# PERLDOC + +You can find documentation for this module with the perldoc command. + + perldoc mysqltuner + +## INTERNALS + +[https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md](https://github.com/major/MySQLTuner-perl/blob/master/INTERNALS.md) + + Internal documentation + +# AUTHORS + +Major Hayden - major@mhtx.net + +# CONTRIBUTORS + +- Matthew Montgomery +- Paul Kehrer +- Dave Burgess +- Jonathan Hinds +- Mike Jackson +- Nils Breunese +- Shawn Ashlee +- Luuk Vosslamber +- Ville Skytta +- Trent Hornibrook +- Jason Gill +- Mark Imbriaco +- Greg Eden +- Aubin Galinotti +- Giovanni Bechis +- Bill Bradford +- Ryan Novosielski +- Michael Scheidell +- Blair Christensen +- Hans du Plooy +- Victor Trac +- Everett Barnes +- Tom Krouper +- Gary Barrueto +- Simon Greenaway +- Adam Stein +- Isart Montane +- Baptiste M. +- Cole Turner +- Major Hayden +- Joe Ashcraft +- Jean-Marie Renouard +- Stephan GroBberndt +- Christian Loos + +# SUPPORT + +Bug reports, feature requests, and downloads at http://mysqltuner.com/ + +Bug tracker can be found at https://github.com/major/MySQLTuner-perl/issues + +Maintained by Major Hayden (major\\@mhtx.net) - Licensed under GPL + +# SOURCE CODE + +[https://github.com/major/MySQLTuner-perl](https://github.com/major/MySQLTuner-perl) + + git clone https://github.com/major/MySQLTuner-perl.git + +# COPYRIGHT AND LICENSE + +Copyright (C) 2006-2018 Major Hayden - major@mhtx.net + +For the latest updates, please visit http://mysqltuner.com/ + +Git repository available at https://github.com/major/MySQLTuner-perl + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see <https://www.gnu.org/licenses/>. diff --git a/Vagrant/Vagrantfile_for_MariaDB10-0 b/Vagrant/Vagrantfile_for_MariaDB10-0 index 9794a92..9040d70 100644 --- a/Vagrant/Vagrantfile_for_MariaDB10-0 +++ b/Vagrant/Vagrantfile_for_MariaDB10-0 @@ -1,114 +1,114 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -# All Vagrant configuration is done below. The "2" in Vagrant.configure -# configures the configuration version (we support older styles for -# backwards compatibility). Please don't change it unless you know what -# you're doing. -Vagrant.configure(2) do |config| - # The most common configuration options are documented and commented below. - # For a complete reference, please see the online documentation at - # https://docs.vagrantup.com. - - # Every Vagrant development environment requires a box. You can search for - # boxes at https://atlas.hashicorp.com/search. - config.vm.box = "centos/7" - # config.vm.box_check_update = false - # config.vbguest.auto_update = true - # Create a forwarded port mapping which allows access to a specific port - # within the machine from a port on the host machine. In the example below, - # accessing "localhost:8080" will access port 80 on the guest machine. - # config.vm.network "forwarded_port", guest: 80, host: 8080 - - if Vagrant.has_plugin?("vagrant-proxyconfx") - config.proxy.http = "http://10.195.50.51:3128/" - config.proxy.https = "http://10.195.50.51:3128/" - config.proxy.no_proxy = "localhost,127.0.0.1,.example.com" - end - - # Create a private network, which allows host-only access to the machine - # using a specific IP. - # config.vm.network "private_network", ip: "192.168.0.100" - config.hostmanager.enabled = true - config.hostmanager.manage_host = true - config.hostmanager.ignore_private_ip = false - config.hostmanager.include_offline = true - - # Create a public network, which generally matched to bridged network. - # Bridged networks make the machine appear as another physical device on - # your network. - config.vm.network "public_network" - config.vm.hostname = 'maria100' - config.hostmanager.aliases = %w(maria100.localdomain maria100.local) - # Share an additional folder to the guest VM. The first argument is - # the path on the host to the actual folder. The second argument is - # the path on the guest to mount the folder. And the optional third - # argument is a set of non-required options. - config.vm.synced_folder "./data", "/data" - - # Provider-specific configuration so you can fine-tune various - # backing providers for Vagrant. These expose provider-specific options. - # Example for VirtualBox: - # - config.vm.provider "virtualbox" do |vb| - # # Display the VirtualBox GUI when booting the machine - # vb.gui = false - # - # # Customize the amount of memory on the VM: - vb.memory = "1024" - end - # - # View the documentation for the provider you are using for more - # information on available options. - - # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies - # such as FTP and Heroku are also available. See the documentation at - # https://docs.vagrantup.com/v2/push/atlas.html for more information. - # config.push.define "atlas" do |push| - # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" - # end - - # Enable provisioning with a shell script. Additional provisioners such as - # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the - # documentation for more information about their specific syntax and use. - config.vm.provision "shell", inline: <<-SHELL - sudo yum -y update - echo "secret" | sudo passwd --stdin root - sudo cp -pr ~vagrant/.ssh /root - sudo chown -R root.root /root/.ssh - - sudo yum-config-manager --enable base - -echo "[mariadb]" >/tmp/mariadb.repo -echo "name = MariaDB" >>/tmp/mariadb.repo -echo "baseurl = http://yum.mariadb.org/10.0/centos7-amd64" >> /tmp/mariadb.repo -echo "gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB" >> /tmp/mariadb.repo -echo "gpgcheck=1" >> /tmp/mariadb.repo -sudo cp /tmp/mariadb.repo /etc/yum.repos.d/ - - sudo rpm -Uvh http://mirrors.ircam.fr/pub/fedora/epel/7/x86_64/e/epel-release-latest.noarch.rpm - - - sudo yum -y install python2-pip git python perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils MariaDB-server MariaDB-Client wget - - sudo pip install --upgrade pip - if [ ! -d "/data/MySQLTuner-perl" ]; then - cd /data - sudo git clone https://github.com/major/MySQLTuner-perl.git - fi - sudo cpanm install File::Util - - #sudo systemctl start mariadb.service - sudo service mysql start - mysql -e 'select version();' - cd /data - sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" - sudo tar xvjf employees_db-full-1.0.6.tar.bz2 - cd employees_db - cat employees.sql | mysql - cd .. - cd MySQLTuner-perl - perl mysqltuner.pl --idxstat --dbstat - SHELL - config.vm.provision :hostmanager -end +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure(2) do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://atlas.hashicorp.com/search. + config.vm.box = "centos/7" + # config.vm.box_check_update = false + # config.vbguest.auto_update = true + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + if Vagrant.has_plugin?("vagrant-proxyconfx") + config.proxy.http = "http://10.195.50.51:3128/" + config.proxy.https = "http://10.195.50.51:3128/" + config.proxy.no_proxy = "localhost,127.0.0.1,.example.com" + end + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.0.100" + config.hostmanager.enabled = true + config.hostmanager.manage_host = true + config.hostmanager.ignore_private_ip = false + config.hostmanager.include_offline = true + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + config.vm.network "public_network" + config.vm.hostname = 'maria100' + config.hostmanager.aliases = %w(maria100.localdomain maria100.local) + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + config.vm.synced_folder "./data", "/data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = false + # + # # Customize the amount of memory on the VM: + vb.memory = "1024" + end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies + # such as FTP and Heroku are also available. See the documentation at + # https://docs.vagrantup.com/v2/push/atlas.html for more information. + # config.push.define "atlas" do |push| + # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" + # end + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + config.vm.provision "shell", inline: <<-SHELL + sudo yum -y update + echo "secret" | sudo passwd --stdin root + sudo cp -pr ~vagrant/.ssh /root + sudo chown -R root.root /root/.ssh + + sudo yum-config-manager --enable base + +echo "[mariadb]" >/tmp/mariadb.repo +echo "name = MariaDB" >>/tmp/mariadb.repo +echo "baseurl = http://yum.mariadb.org/10.0/centos7-amd64" >> /tmp/mariadb.repo +echo "gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB" >> /tmp/mariadb.repo +echo "gpgcheck=1" >> /tmp/mariadb.repo +sudo cp /tmp/mariadb.repo /etc/yum.repos.d/ + + sudo rpm -Uvh http://mirrors.ircam.fr/pub/fedora/epel/7/x86_64/e/epel-release-latest.noarch.rpm + + + sudo yum -y install python2-pip git python perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils MariaDB-server MariaDB-Client wget + + sudo pip install --upgrade pip + if [ ! -d "/data/MySQLTuner-perl" ]; then + cd /data + sudo git clone https://github.com/major/MySQLTuner-perl.git + fi + sudo cpanm install File::Util + + #sudo systemctl start mariadb.service + sudo service mysql start + mysql -e 'select version();' + cd /data + sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" + sudo tar xvjf employees_db-full-1.0.6.tar.bz2 + cd employees_db + cat employees.sql | mysql + cd .. + cd MySQLTuner-perl + perl mysqltuner.pl --idxstat --dbstat + SHELL + config.vm.provision :hostmanager +end diff --git a/Vagrant/Vagrantfile_for_MariaDB10-2 b/Vagrant/Vagrantfile_for_MariaDB10-2 index 5739af0..650866f 100644 --- a/Vagrant/Vagrantfile_for_MariaDB10-2 +++ b/Vagrant/Vagrantfile_for_MariaDB10-2 @@ -1,107 +1,107 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -# All Vagrant configuration is done below. The "2" in Vagrant.configure -# configures the configuration version (we support older styles for -# backwards compatibility). Please don't change it unless you know what -# you're doing. -Vagrant.configure(2) do |config| - # The most common configuration options are documented and commented below. - # For a complete reference, please see the online documentation at - # https://docs.vagrantup.com. - - # Every Vagrant development environment requires a box. You can search for - # boxes at https://atlas.hashicorp.com/search. - config.vm.box = "fc23-mariadb10-1" - config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-Vagrant-23-20151030.x86_64.vagrant-virtualbox.box" - # Disable automatic box update checking. If you disable this, then - # boxes will only be checked for updates when the user runs - # `vagrant box outdated`. This is not recommended. - # config.vm.box_check_update = false - config.vbguest.auto_update = true - # Create a forwarded port mapping which allows access to a specific port - # within the machine from a port on the host machine. In the example below, - # accessing "localhost:8080" will access port 80 on the guest machine. - # config.vm.network "forwarded_port", guest: 80, host: 8080 - - # Create a private network, which allows host-only access to the machine - # using a specific IP. - # config.vm.network "private_network", ip: "192.168.0.115" - config.hostmanager.enabled = true - config.hostmanager.manage_host = true - config.hostmanager.ignore_private_ip = false - config.hostmanager.include_offline = true - - # Create a public network, which generally matched to bridged network. - # Bridged networks make the machine appear as another physical device on - # your network. - config.vm.network "public_network" - config.vm.hostname = 'dev.app' - config.hostmanager.aliases = %w(dev.app.localdomain dev.app.local) - # Share an additional folder to the guest VM. The first argument is - # the path on the host to the actual folder. The second argument is - # the path on the guest to mount the folder. And the optional third - # argument is a set of non-required options. - config.vm.synced_folder "./data", "/data" - - # Provider-specific configuration so you can fine-tune various - # backing providers for Vagrant. These expose provider-specific options. - # Example for VirtualBox: - # - config.vm.provider "virtualbox" do |vb| - # # Display the VirtualBox GUI when booting the machine - # vb.gui = false - # - # # Customize the amount of memory on the VM: - vb.memory = "1024" - end - # - # View the documentation for the provider you are using for more - # information on available options. - - # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies - # such as FTP and Heroku are also available. See the documentation at - # https://docs.vagrantup.com/v2/push/atlas.html for more information. - # config.push.define "atlas" do |push| - # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" - # end - - # Enable provisioning with a shell script. Additional provisioners such as - # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the - # documentation for more information about their specific syntax and use. - config.vm.provision "shell", inline: <<-SHELL - sudo yum -y update - echo "secret" | sudo passwd --stdin root - sudo cp -pr ~vagrant/.ssh /root - sudo chown -R root.root /root/.ssh - sudo yum -y install git python - sudo pip install --upgrade pip - if [ ! -d "/data/MySQLTuner-perl" ]; then - cd /data - sudo git clone https://github.com/major/MySQLTuner-perl.git - fi - - echo "# MariaDB 10.1 Fedora repository list - created 2016-01-25 13:11 UTC -# http://mariadb.org/mariadb/repositories/ -[mariadb] -name = MariaDB -baseurl = http://yum.mariadb.org/10.2/fedora23-amd64 -gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB -gpgcheck=1" >> /etc/yum.repos.d/mariadb.repo - sudo yum -y install perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils - sudo cpanm install File::Util - - sudo yum -y install MariaDB-server MariaDB-client wget - sudo systemctl start mariadb.service - mysql -e 'select version();' - cd /data - sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" - sudo tar xvjf employees_db-full-1.0.6.tar.bz2 - cd employees_db - cat employees.sql | mysql - cd .. - cd MySQLTuner-perl - perl mysqltuner.pl --idxstat --dbstat - SHELL - config.vm.provision :hostmanager -end +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure(2) do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://atlas.hashicorp.com/search. + config.vm.box = "fc23-mariadb10-1" + config.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-Vagrant-23-20151030.x86_64.vagrant-virtualbox.box" + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + config.vbguest.auto_update = true + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.0.115" + config.hostmanager.enabled = true + config.hostmanager.manage_host = true + config.hostmanager.ignore_private_ip = false + config.hostmanager.include_offline = true + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + config.vm.network "public_network" + config.vm.hostname = 'dev.app' + config.hostmanager.aliases = %w(dev.app.localdomain dev.app.local) + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + config.vm.synced_folder "./data", "/data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = false + # + # # Customize the amount of memory on the VM: + vb.memory = "1024" + end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies + # such as FTP and Heroku are also available. See the documentation at + # https://docs.vagrantup.com/v2/push/atlas.html for more information. + # config.push.define "atlas" do |push| + # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" + # end + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + config.vm.provision "shell", inline: <<-SHELL + sudo yum -y update + echo "secret" | sudo passwd --stdin root + sudo cp -pr ~vagrant/.ssh /root + sudo chown -R root.root /root/.ssh + sudo yum -y install git python + sudo pip install --upgrade pip + if [ ! -d "/data/MySQLTuner-perl" ]; then + cd /data + sudo git clone https://github.com/major/MySQLTuner-perl.git + fi + + echo "# MariaDB 10.1 Fedora repository list - created 2016-01-25 13:11 UTC +# http://mariadb.org/mariadb/repositories/ +[mariadb] +name = MariaDB +baseurl = http://yum.mariadb.org/10.2/fedora23-amd64 +gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB +gpgcheck=1" >> /etc/yum.repos.d/mariadb.repo + sudo yum -y install perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils + sudo cpanm install File::Util + + sudo yum -y install MariaDB-server MariaDB-client wget + sudo systemctl start mariadb.service + mysql -e 'select version();' + cd /data + sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" + sudo tar xvjf employees_db-full-1.0.6.tar.bz2 + cd employees_db + cat employees.sql | mysql + cd .. + cd MySQLTuner-perl + perl mysqltuner.pl --idxstat --dbstat + SHELL + config.vm.provision :hostmanager +end diff --git a/Vagrant/Vagrantfile_for_MariaDB10-3 b/Vagrant/Vagrantfile_for_MariaDB10-3 index a754112..0dfac2c 100644 --- a/Vagrant/Vagrantfile_for_MariaDB10-3 +++ b/Vagrant/Vagrantfile_for_MariaDB10-3 @@ -1,106 +1,106 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -# All Vagrant configuration is done below. The "2" in Vagrant.configure -# configures the configuration version (we support older styles for -# backwards compatibility). Please don't change it unless you know what -# you're doing. -Vagrant.configure(2) do |config| - # The most common configuration options are documented and commented below. - # For a complete reference, please see the online documentation at - # https://docs.vagrantup.com. - - # Every Vagrant development environment requires a box. You can search for - # boxes at https://atlas.hashicorp.com/search. - config.vm.box = "centos/7" - # Disable automatic box update checking. If you disable this, then - # boxes will only be checked for updates when the user runs - # `vagrant box outdated`. This is not recommended. - # config.vm.box_check_update = false - config.vbguest.auto_update = true - # Create a forwarded port mapping which allows access to a specific port - # within the machine from a port on the host machine. In the example below, - # accessing "localhost:8080" will access port 80 on the guest machine. - # config.vm.network "forwarded_port", guest: 80, host: 8080 - - # Create a private network, which allows host-only access to the machine - # using a specific IP. - # config.vm.network "private_network", ip: "192.168.0.115" - config.hostmanager.enabled = true - config.hostmanager.manage_host = true - config.hostmanager.ignore_private_ip = false - config.hostmanager.include_offline = true - - # Create a public network, which generally matched to bridged network. - # Bridged networks make the machine appear as another physical device on - # your network. - config.vm.network "public_network" - config.vm.hostname = 'dev.app' - config.hostmanager.aliases = %w(dev.app.localdomain dev.app.local) - # Share an additional folder to the guest VM. The first argument is - # the path on the host to the actual folder. The second argument is - # the path on the guest to mount the folder. And the optional third - # argument is a set of non-required options. - config.vm.synced_folder "./data", "/data" - - # Provider-specific configuration so you can fine-tune various - # backing providers for Vagrant. These expose provider-specific options. - # Example for VirtualBox: - # - config.vm.provider "virtualbox" do |vb| - # # Display the VirtualBox GUI when booting the machine - # vb.gui = false - # - # # Customize the amount of memory on the VM: - vb.memory = "1024" - end - # - # View the documentation for the provider you are using for more - # information on available options. - - # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies - # such as FTP and Heroku are also available. See the documentation at - # https://docs.vagrantup.com/v2/push/atlas.html for more information. - # config.push.define "atlas" do |push| - # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" - # end - - # Enable provisioning with a shell script. Additional provisioners such as - # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the - # documentation for more information about their specific syntax and use. - config.vm.provision "shell", inline: <<-SHELL - sudo yum -y update - echo "secret" | sudo passwd --stdin root - sudo cp -pr ~vagrant/.ssh /root - sudo chown -R root.root /root/.ssh - sudo yum -y install git python - sudo pip install --upgrade pip - if [ ! -d "/data/MySQLTuner-perl" ]; then - cd /data - sudo git clone https://github.com/major/MySQLTuner-perl.git - fi - - echo "# MariaDB 10.1 Fedora repository list - created 2016-01-25 13:11 UTC -# http://mariadb.org/mariadb/repositories/ -[mariadb] -name = MariaDB -baseurl = http://yum.mariadb.org/10.3/fedora23-amd64 -gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB -gpgcheck=1" >> /etc/yum.repos.d/mariadb.repo - sudo yum -y install perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils - sudo cpanm install File::Util - - sudo yum -y install MariaDB-server MariaDB-client wget - sudo systemctl start mariadb.service - mysql -e 'select version();' - cd /data - sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" - sudo tar xvjf employees_db-full-1.0.6.tar.bz2 - cd employees_db - cat employees.sql | mysql - cd .. - cd MySQLTuner-perl - perl mysqltuner.pl --idxstat --dbstat - SHELL - config.vm.provision :hostmanager -end +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# All Vagrant configuration is done below. The "2" in Vagrant.configure +# configures the configuration version (we support older styles for +# backwards compatibility). Please don't change it unless you know what +# you're doing. +Vagrant.configure(2) do |config| + # The most common configuration options are documented and commented below. + # For a complete reference, please see the online documentation at + # https://docs.vagrantup.com. + + # Every Vagrant development environment requires a box. You can search for + # boxes at https://atlas.hashicorp.com/search. + config.vm.box = "centos/7" + # Disable automatic box update checking. If you disable this, then + # boxes will only be checked for updates when the user runs + # `vagrant box outdated`. This is not recommended. + # config.vm.box_check_update = false + config.vbguest.auto_update = true + # Create a forwarded port mapping which allows access to a specific port + # within the machine from a port on the host machine. In the example below, + # accessing "localhost:8080" will access port 80 on the guest machine. + # config.vm.network "forwarded_port", guest: 80, host: 8080 + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.0.115" + config.hostmanager.enabled = true + config.hostmanager.manage_host = true + config.hostmanager.ignore_private_ip = false + config.hostmanager.include_offline = true + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + config.vm.network "public_network" + config.vm.hostname = 'dev.app' + config.hostmanager.aliases = %w(dev.app.localdomain dev.app.local) + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + config.vm.synced_folder "./data", "/data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + config.vm.provider "virtualbox" do |vb| + # # Display the VirtualBox GUI when booting the machine + # vb.gui = false + # + # # Customize the amount of memory on the VM: + vb.memory = "1024" + end + # + # View the documentation for the provider you are using for more + # information on available options. + + # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies + # such as FTP and Heroku are also available. See the documentation at + # https://docs.vagrantup.com/v2/push/atlas.html for more information. + # config.push.define "atlas" do |push| + # push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME" + # end + + # Enable provisioning with a shell script. Additional provisioners such as + # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the + # documentation for more information about their specific syntax and use. + config.vm.provision "shell", inline: <<-SHELL + sudo yum -y update + echo "secret" | sudo passwd --stdin root + sudo cp -pr ~vagrant/.ssh /root + sudo chown -R root.root /root/.ssh + sudo yum -y install git python + sudo pip install --upgrade pip + if [ ! -d "/data/MySQLTuner-perl" ]; then + cd /data + sudo git clone https://github.com/major/MySQLTuner-perl.git + fi + + echo "# MariaDB 10.1 Fedora repository list - created 2016-01-25 13:11 UTC +# http://mariadb.org/mariadb/repositories/ +[mariadb] +name = MariaDB +baseurl = http://yum.mariadb.org/10.3/fedora23-amd64 +gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB +gpgcheck=1" >> /etc/yum.repos.d/mariadb.repo + sudo yum -y install perl-WWW-Mechanize-GZip perl-App-cpanminus perl-List-MoreUtils + sudo cpanm install File::Util + + sudo yum -y install MariaDB-server MariaDB-client wget + sudo systemctl start mariadb.service + mysql -e 'select version();' + cd /data + sudo wget "https://launchpad.net/test-db/employees-db-1/1.0.6/+download/employees_db-full-1.0.6.tar.bz2" + sudo tar xvjf employees_db-full-1.0.6.tar.bz2 + cd employees_db + cat employees.sql | mysql + cd .. + cd MySQLTuner-perl + perl mysqltuner.pl --idxstat --dbstat + SHELL + config.vm.provision :hostmanager +end diff --git a/build/updateCVElist.pl b/build/updateCVElist.pl index 122fb50..5369e45 100644 --- a/build/updateCVElist.pl +++ b/build/updateCVElist.pl @@ -1,79 +1,79 @@ -#!/usr/bin/perl -use warnings; -use strict; -use WWW::Mechanize::GZip; -use File::Util; -use Data::Dumper; -use List::MoreUtils qw(uniq); -my $verbose=1; -sub AUTOLOAD { - use vars qw($AUTOLOAD); - my $cmd = $AUTOLOAD; - $cmd=~s/.*:://; - print "\n","*" x 60, "\n* Catching system call : $cmd \n", "*"x60 if defined $verbose; - print "\nExecution : \t", $cmd, " ", join " ", @_ if defined $verbose; - my $outp=`$cmd @_ 2>&1`; - my $rc=$?; - print "\nResult : \t$outp", if defined $verbose; - print "Code : \t", $rc, "\n" if defined $verbose; - return $rc; -} - -my $mech = WWW::Mechanize->new(); -$mech->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0'); -#$mech->proxy( ['http'], 'http://XXX.XXX.XXX.XXX:3128' ); -#$mech->proxy( ['https'], 'http://XXX.XXX.XXX.XXX:3128' ); -$mech->env_proxy; - - -$mech->ssl_opts( 'verify_hostname' => 0 ); - - -$mech->requests_redirectable(['GET', 'POST', 'HEAD']); - - -$mech->add_handler("request_send", sub { print '#'x80,"\nSEND REQUEST:\n"; shift->dump; print '#'x80,"\n";return } ) if defined $verbose; -$mech->add_handler("response_done", sub { print '#'x80,"\nDONE RESPONSE:\n"; shift->dump; print '#'x80,"\n"; return }) if defined $verbose; -$mech->add_handler("response_redirect" => sub { print '#'x80,"\nREDIRECT RESPONSE:\n"; shift->dump; print '#'x80,"\n"; return }) if defined $verbose; - - -my $url = 'http://cve.mitre.org/data/downloads/allitems.csv'; -my $resp; - -unless (-f 'cve.csv') { - $resp=$mech->get($url); - $mech->save_content( "cve.csv" ); -} -my $f=File::Util->new( readlimit => 152428800); -File::Util->flock_rules( qw/ IGNORE/ ); - -my @versions; -my $temp; -unlink '../vulnerabilities.csv' if -f '../vulnerabilities.csv'; -open(CVE, 'cve.csv') or die("Could not open file."); -foreach my $line () { - if ($line =~ /(mysql|mariadb|percona)/i - and $line =~ /server/i - and $line =~ /CANDIDATE/i - and $line !~ /MaxDB/i - and $line !~ /\*\* REJECT \*\* /i - and $line !~ /\*\* DISPUTED \*\* /i - and $line !~ /(Radius|Proofpoint|Active\ Record|XAMPP|TGS\ Content|e107|post-installation|Apache\ HTTP|Zmanda|pforum|phpMyAdmin|Proxy\ Server|on\ Windows|ADOdb|Mac\ OS|Dreamweaver|InterWorx|libapache2|cisco|ProFTPD)/i) { - $line =~ s/,/;/g; - - @versions = $line =~/(\d{1,2}\.\d+\.[\d]+)/g; - - foreach my $vers (uniq(@versions)) { - my @nb=split('\.', $vers); - $nb[2]-- if ($line =~ /before/i); - #print $vers."\n".Dumper @nb; - #print "$line"; - #exit 0 if ($line =~/before/i) ; - $f->write_file('file' => '../vulnerabilities.csv', 'content' => "$nb[0].$nb[1].$nb[2];$nb[0];$nb[1];$nb[2];$line", 'mode' => 'append'); - } - } -} -close(CVE); -#unlink ('cve.csv') if (-f 'cve.csv'); - -exit(0); +#!/usr/bin/perl +use warnings; +use strict; +use WWW::Mechanize::GZip; +use File::Util; +use Data::Dumper; +use List::MoreUtils qw(uniq); +my $verbose=1; +sub AUTOLOAD { + use vars qw($AUTOLOAD); + my $cmd = $AUTOLOAD; + $cmd=~s/.*:://; + print "\n","*" x 60, "\n* Catching system call : $cmd \n", "*"x60 if defined $verbose; + print "\nExecution : \t", $cmd, " ", join " ", @_ if defined $verbose; + my $outp=`$cmd @_ 2>&1`; + my $rc=$?; + print "\nResult : \t$outp", if defined $verbose; + print "Code : \t", $rc, "\n" if defined $verbose; + return $rc; +} + +my $mech = WWW::Mechanize->new(); +$mech->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0'); +#$mech->proxy( ['http'], 'http://XXX.XXX.XXX.XXX:3128' ); +#$mech->proxy( ['https'], 'http://XXX.XXX.XXX.XXX:3128' ); +$mech->env_proxy; + + +$mech->ssl_opts( 'verify_hostname' => 0 ); + + +$mech->requests_redirectable(['GET', 'POST', 'HEAD']); + + +$mech->add_handler("request_send", sub { print '#'x80,"\nSEND REQUEST:\n"; shift->dump; print '#'x80,"\n";return } ) if defined $verbose; +$mech->add_handler("response_done", sub { print '#'x80,"\nDONE RESPONSE:\n"; shift->dump; print '#'x80,"\n"; return }) if defined $verbose; +$mech->add_handler("response_redirect" => sub { print '#'x80,"\nREDIRECT RESPONSE:\n"; shift->dump; print '#'x80,"\n"; return }) if defined $verbose; + + +my $url = 'http://cve.mitre.org/data/downloads/allitems.csv'; +my $resp; + +unless (-f 'cve.csv') { + $resp=$mech->get($url); + $mech->save_content( "cve.csv" ); +} +my $f=File::Util->new( readlimit => 152428800); +File::Util->flock_rules( qw/ IGNORE/ ); + +my @versions; +my $temp; +unlink '../vulnerabilities.csv' if -f '../vulnerabilities.csv'; +open(CVE, 'cve.csv') or die("Could not open file."); +foreach my $line () { + if ($line =~ /(mysql|mariadb|percona)/i + and $line =~ /server/i + and $line =~ /CANDIDATE/i + and $line !~ /MaxDB/i + and $line !~ /\*\* REJECT \*\* /i + and $line !~ /\*\* DISPUTED \*\* /i + and $line !~ /(Radius|Proofpoint|Active\ Record|XAMPP|TGS\ Content|e107|post-installation|Apache\ HTTP|Zmanda|pforum|phpMyAdmin|Proxy\ Server|on\ Windows|ADOdb|Mac\ OS|Dreamweaver|InterWorx|libapache2|cisco|ProFTPD)/i) { + $line =~ s/,/;/g; + + @versions = $line =~/(\d{1,2}\.\d+\.[\d]+)/g; + + foreach my $vers (uniq(@versions)) { + my @nb=split('\.', $vers); + $nb[2]-- if ($line =~ /before/i); + #print $vers."\n".Dumper @nb; + #print "$line"; + #exit 0 if ($line =~/before/i) ; + $f->write_file('file' => '../vulnerabilities.csv', 'content' => "$nb[0].$nb[1].$nb[2];$nb[0];$nb[1];$nb[2];$line", 'mode' => 'append'); + } + } +} +close(CVE); +#unlink ('cve.csv') if (-f 'cve.csv'); + +exit(0); diff --git a/mysqltuner.pl b/mysqltuner.pl index 52158af..48bc529 100755 --- a/mysqltuner.pl +++ b/mysqltuner.pl @@ -1,6616 +1,6616 @@ -#!/usr/bin/env perl -# mysqltuner.pl - Version 1.7.15 -# High Performance MySQL Tuning Script -# Copyright (C) 2006-2018 Major Hayden - major@mhtx.net -# -# For the latest updates, please visit http://mysqltuner.com/ -# Git repository available at https://github.com/major/MySQLTuner-perl -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . -# -# This project would not be possible without help from: -# Matthew Montgomery Paul Kehrer Dave Burgess -# Jonathan Hinds Mike Jackson Nils Breunese -# Shawn Ashlee Luuk Vosslamber Ville Skytta -# Trent Hornibrook Jason Gill Mark Imbriaco -# Greg Eden Aubin Galinotti Giovanni Bechis -# Bill Bradford Ryan Novosielski Michael Scheidell -# Blair Christensen Hans du Plooy Victor Trac -# Everett Barnes Tom Krouper Gary Barrueto -# Simon Greenaway Adam Stein Isart Montane -# Baptiste M. Cole Turner Major Hayden -# Joe Ashcraft Jean-Marie Renouard Christian Loos -# Julien Francoz -# -# Inspired by Matthew Montgomery's tuning-primer.sh script: -# http://www.day32.com/MySQL/ -# -package main; - -use 5.005; -use strict; -use warnings; - -use diagnostics; -use File::Spec; -use Getopt::Long; -use Pod::Usage; -use File::Basename; -use Cwd 'abs_path'; - -use Data::Dumper; -$Data::Dumper::Pair = " : "; - -# for which() -#use Env; - -# Set up a few variables for use in the script -my $tunerversion = "1.7.15"; -my ( @adjvars, @generalrec ); - -# Set defaults -my %opt = ( - "silent" => 0, - "nobad" => 0, - "nogood" => 0, - "noinfo" => 0, - "debug" => 0, - "nocolor" => ( !-t STDOUT ), - "color" => 0, - "forcemem" => 0, - "forceswap" => 0, - "host" => 0, - "socket" => 0, - "port" => 0, - "user" => 0, - "pass" => 0, - "password" => 0, - "ssl-ca" => 0, - "skipsize" => 0, - "checkversion" => 0, - "updateversion" => 0, - "buffers" => 0, - "passwordfile" => 0, - "bannedports" => '', - "maxportallowed" => 0, - "outputfile" => 0, - "noprocess" => 0, - "dbstat" => 0, - "nodbstat" => 0, - "tbstat" => 0, - "notbstat" => 0, - "idxstat" => 0, - "noidxstat" => 0, - "sysstat" => 0, - "nosysstat" => 0, - "pfstat" => 0, - "nopfstat" => 0, - "skippassword" => 0, - "noask" => 0, - "template" => 0, - "json" => 0, - "prettyjson" => 0, - "reportfile" => 0, - "verbose" => 0, - "defaults-file" => '', -); - -# Gather the options from the command line -GetOptions( - \%opt, 'nobad', - 'nogood', 'noinfo', - 'debug', 'nocolor', - 'forcemem=i', 'forceswap=i', - 'host=s', 'socket=s', - 'port=i', 'user=s', - 'pass=s', 'skipsize', - 'checkversion', 'mysqladmin=s', - 'mysqlcmd=s', 'help', - 'buffers', 'skippassword', - 'passwordfile=s', 'outputfile=s', - 'silent', 'noask', - 'json', 'prettyjson', - 'template=s', 'reportfile=s', - 'cvefile=s', 'bannedports=s', - 'updateversion', 'maxportallowed=s', - 'verbose', 'password=s', - 'passenv=s', 'userenv=s', - 'defaults-file=s', 'ssl-ca=s', - 'color', 'noprocess', - 'dbstat', 'nodbstat', - 'tbstat', 'notbstat', - 'sysstat', 'nosysstat', - 'pfstat', 'nopfstat', - 'idxstat', 'noidxstat', - ) - or pod2usage( - -exitval => 1, - -verbose => 99, - -sections => [ - "NAME", - "IMPORTANT USAGE GUIDELINES", - "CONNECTION AND AUTHENTICATION", - "PERFORMANCE AND REPORTING OPTIONS", - "OUTPUT OPTIONS" - ] - ); - -if ( defined $opt{'help'} && $opt{'help'} == 1 ) { - pod2usage( - -exitval => 0, - -verbose => 99, - -sections => [ - "NAME", - "IMPORTANT USAGE GUIDELINES", - "CONNECTION AND AUTHENTICATION", - "PERFORMANCE AND REPORTING OPTIONS", - "OUTPUT OPTIONS" - ] - ); -} - -my $devnull = File::Spec->devnull(); -my $basic_password_files = - ( $opt{passwordfile} eq "0" ) - ? abs_path( dirname(__FILE__) ) . "/basic_passwords.txt" - : abs_path( $opt{passwordfile} ); - -# Username from envvar -if ( exists $opt{userenv} && exists $ENV{ $opt{userenv} } ) { - $opt{user} = $ENV{ $opt{userenv} }; -} - -# Related to password option -if ( exists $opt{passenv} && exists $ENV{ $opt{passenv} } ) { - $opt{pass} = $ENV{ $opt{passenv} }; -} -$opt{pass} = $opt{password} if ( $opt{pass} eq 0 and $opt{password} ne 0 ); - -# for RPM distributions -$basic_password_files = "/usr/share/mysqltuner/basic_passwords.txt" - unless -f "$basic_password_files"; - -# check if we need to enable verbose mode -if ( $opt{verbose} ) { - $opt{checkversion} = 1; #Check for updates to MySQLTuner - $opt{dbstat} = 1; #Print database information - $opt{tbstat} = 1; #Print database information - $opt{idxstat} = 1; #Print index information - $opt{sysstat} = 1; #Print index information - $opt{buffers} = 1; #Print global and per-thread buffer values - $opt{pfstat} = 1; #Print performance schema info. - $opt{cvefile} = 'vulnerabilities.csv'; #CVE File for vulnerability checks -} -$opt{nocolor} = 1 if defined( $opt{outputfile} ); -$opt{tbstat} = 0 if ( $opt{notbstat} == 1 ); # Don't Print table information -$opt{dbstat} = 0 if ( $opt{nodbstat} == 1 ); # Don't Print database information -$opt{noprocess} = 0 - if ( $opt{noprocess} == 1 ); # Don't Print process information -$opt{sysstat} = 0 if ( $opt{nosysstat} == 1 ); # Don't Print sysstat information -$opt{pfstat} = 0 - if ( $opt{nopfstat} == 1 ); # Don't Print performance schema information -$opt{idxstat} = 0 if ( $opt{noidxstat} == 1 ); # Don't Print index information - -# for RPM distributions -$opt{cvefile} = "/usr/share/mysqltuner/vulnerabilities.csv" - unless ( defined $opt{cvefile} and -f "$opt{cvefile}" ); -$opt{cvefile} = '' unless -f "$opt{cvefile}"; -$opt{cvefile} = './vulnerabilities.csv' if -f './vulnerabilities.csv'; - -$opt{'bannedports'} = '' unless defined( $opt{'bannedports'} ); -my @banned_ports = split ',', $opt{'bannedports'}; - -# -my $outputfile = undef; -$outputfile = abs_path( $opt{outputfile} ) unless $opt{outputfile} eq "0"; - -my $fh = undef; -open( $fh, '>', $outputfile ) - or die("Fail opening $outputfile") - if defined($outputfile); -$opt{nocolor} = 1 if defined($outputfile); -$opt{nocolor} = 1 unless ( -t STDOUT ); - -$opt{nocolor} = 0 if ( $opt{color} == 1 ); - -# Setting up the colors for the print styles -my $me = `whoami`; -$me =~ s/\n//g; - -# Setting up the colors for the print styles -my $good = ( $opt{nocolor} == 0 ) ? "[\e[0;32mOK\e[0m]" : "[OK]"; -my $bad = ( $opt{nocolor} == 0 ) ? "[\e[0;31m!!\e[0m]" : "[!!]"; -my $info = ( $opt{nocolor} == 0 ) ? "[\e[0;34m--\e[0m]" : "[--]"; -my $deb = ( $opt{nocolor} == 0 ) ? "[\e[0;31mDG\e[0m]" : "[DG]"; -my $cmd = ( $opt{nocolor} == 0 ) ? "\e[1;32m[CMD]($me)" : "[CMD]($me)"; -my $end = ( $opt{nocolor} == 0 ) ? "\e[0m" : ""; - -# Checks for supported or EOL'ed MySQL versions -my ( $mysqlvermajor, $mysqlverminor, $mysqlvermicro ); - -# Super structure containing all information -my %result; -$result{'MySQLTuner'}{'version'} = $tunerversion; -$result{'MySQLTuner'}{'options'} = \%opt; - -# Functions that handle the print styles -sub prettyprint { - print $_[0] . "\n" unless ( $opt{'silent'} or $opt{'json'} ); - print $fh $_[0] . "\n" if defined($fh); -} -sub goodprint { prettyprint $good. " " . $_[0] unless ( $opt{nogood} == 1 ); } -sub infoprint { prettyprint $info. " " . $_[0] unless ( $opt{noinfo} == 1 ); } -sub badprint { prettyprint $bad. " " . $_[0] unless ( $opt{nobad} == 1 ); } -sub debugprint { prettyprint $deb. " " . $_[0] unless ( $opt{debug} == 0 ); } - -sub redwrap { - return ( $opt{nocolor} == 0 ) ? "\e[0;31m" . $_[0] . "\e[0m" : $_[0]; -} - -sub greenwrap { - return ( $opt{nocolor} == 0 ) ? "\e[0;32m" . $_[0] . "\e[0m" : $_[0]; -} -sub cmdprint { prettyprint $cmd. " " . $_[0] . $end; } - -sub infoprintml { - for my $ln (@_) { $ln =~ s/\n//g; infoprint "\t$ln"; } -} - -sub infoprintcmd { - cmdprint "@_"; - infoprintml grep { $_ ne '' and $_ !~ /^\s*$/ } `@_ 2>&1`; -} - -sub subheaderprint { - my $tln = 100; - my $sln = 8; - my $ln = length("@_") + 2; - - prettyprint " "; - prettyprint "-" x $sln . " @_ " . "-" x ( $tln - $ln - $sln ); -} - -sub infoprinthcmd { - subheaderprint "$_[0]"; - infoprintcmd "$_[1]"; -} - -# Calculates the number of physical cores considering HyperThreading -sub cpu_cores { - my $cntCPU = -`awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; - return ( $cntCPU == 0 ? `nproc` : $cntCPU ); -} - -# Calculates the parameter passed in bytes, then rounds it to one decimal place -sub hr_bytes { - my $num = shift; - return "0B" unless defined($num); - return "0B" if $num eq "NULL"; - - if ( $num >= ( 1024**3 ) ) { #GB - return sprintf( "%.1f", ( $num / ( 1024**3 ) ) ) . "G"; - } - elsif ( $num >= ( 1024**2 ) ) { #MB - return sprintf( "%.1f", ( $num / ( 1024**2 ) ) ) . "M"; - } - elsif ( $num >= 1024 ) { #KB - return sprintf( "%.1f", ( $num / 1024 ) ) . "K"; - } - else { - return $num . "B"; - } -} - -sub hr_raw { - my $num = shift; - return "0" unless defined($num); - return "0" if $num eq "NULL"; - if ( $num =~ /^(\d+)G$/ ) { - return $1 * 1024 * 1024 * 1024; - } - if ( $num =~ /^(\d+)M$/ ) { - return $1 * 1024 * 1024; - } - if ( $num =~ /^(\d+)K$/ ) { - return $1 * 1024; - } - if ( $num =~ /^(\d+)$/ ) { - return $1; - } - return $num; -} - -# Calculates the parameter passed in bytes, then rounds it to the nearest integer -sub hr_bytes_rnd { - my $num = shift; - return "0B" unless defined($num); - return "0B" if $num eq "NULL"; - - if ( $num >= ( 1024**3 ) ) { #GB - return int( ( $num / ( 1024**3 ) ) ) . "G"; - } - elsif ( $num >= ( 1024**2 ) ) { #MB - return int( ( $num / ( 1024**2 ) ) ) . "M"; - } - elsif ( $num >= 1024 ) { #KB - return int( ( $num / 1024 ) ) . "K"; - } - else { - return $num . "B"; - } -} - -# Calculates the parameter passed to the nearest power of 1000, then rounds it to the nearest integer -sub hr_num { - my $num = shift; - if ( $num >= ( 1000**3 ) ) { # Billions - return int( ( $num / ( 1000**3 ) ) ) . "B"; - } - elsif ( $num >= ( 1000**2 ) ) { # Millions - return int( ( $num / ( 1000**2 ) ) ) . "M"; - } - elsif ( $num >= 1000 ) { # Thousands - return int( ( $num / 1000 ) ) . "K"; - } - else { - return $num; - } -} - -# Calculate Percentage -sub percentage { - my $value = shift; - my $total = shift; - $total = 0 unless defined $total; - $total = 0 if $total eq "NULL"; - return 100, 00 if $total == 0; - return sprintf( "%.2f", ( $value * 100 / $total ) ); -} - -# Calculates uptime to display in a more attractive form -sub pretty_uptime { - my $uptime = shift; - my $seconds = $uptime % 60; - my $minutes = int( ( $uptime % 3600 ) / 60 ); - my $hours = int( ( $uptime % 86400 ) / (3600) ); - my $days = int( $uptime / (86400) ); - my $uptimestring; - if ( $days > 0 ) { - $uptimestring = "${days}d ${hours}h ${minutes}m ${seconds}s"; - } - elsif ( $hours > 0 ) { - $uptimestring = "${hours}h ${minutes}m ${seconds}s"; - } - elsif ( $minutes > 0 ) { - $uptimestring = "${minutes}m ${seconds}s"; - } - else { - $uptimestring = "${seconds}s"; - } - return $uptimestring; -} - -# Retrieves the memory installed on this machine -my ( $physical_memory, $swap_memory, $duflags ); - -sub memerror { - badprint -"Unable to determine total memory/swap; use '--forcemem' and '--forceswap'"; - exit 1; -} - -sub os_setup { - my $os = `uname`; - $duflags = ( $os =~ /Linux/ ) ? '-b' : ''; - if ( $opt{'forcemem'} > 0 ) { - $physical_memory = $opt{'forcemem'} * 1048576; - infoprint "Assuming $opt{'forcemem'} MB of physical memory"; - if ( $opt{'forceswap'} > 0 ) { - $swap_memory = $opt{'forceswap'} * 1048576; - infoprint "Assuming $opt{'forceswap'} MB of swap space"; - } - else { - $swap_memory = 0; - badprint "Assuming 0 MB of swap space (use --forceswap to specify)"; - } - } - else { - if ( $os =~ /Linux|CYGWIN/ ) { - $physical_memory = - `grep -i memtotal: /proc/meminfo | awk '{print \$2}'` - or memerror; - $physical_memory *= 1024; - - $swap_memory = - `grep -i swaptotal: /proc/meminfo | awk '{print \$2}'` - or memerror; - $swap_memory *= 1024; - } - elsif ( $os =~ /Darwin/ ) { - $physical_memory = `sysctl -n hw.memsize` or memerror; - $swap_memory = - `sysctl -n vm.swapusage | awk '{print \$3}' | sed 's/\..*\$//'` - or memerror; - } - elsif ( $os =~ /NetBSD|OpenBSD|FreeBSD/ ) { - $physical_memory = `sysctl -n hw.physmem` or memerror; - if ( $physical_memory < 0 ) { - $physical_memory = `sysctl -n hw.physmem64` or memerror; - } - $swap_memory = - `swapctl -l | grep '^/' | awk '{ s+= \$2 } END { print s }'` - or memerror; - } - elsif ( $os =~ /BSD/ ) { - $physical_memory = `sysctl -n hw.realmem` or memerror; - $swap_memory = - `swapinfo | grep '^/' | awk '{ s+= \$2 } END { print s }'`; - } - elsif ( $os =~ /SunOS/ ) { - $physical_memory = - `/usr/sbin/prtconf | grep Memory | cut -f 3 -d ' '` - or memerror; - chomp($physical_memory); - $physical_memory = $physical_memory * 1024 * 1024; - } - elsif ( $os =~ /AIX/ ) { - $physical_memory = - `lsattr -El sys0 | grep realmem | awk '{print \$2}'` - or memerror; - chomp($physical_memory); - $physical_memory = $physical_memory * 1024; - $swap_memory = `lsps -as | awk -F"(MB| +)" '/MB /{print \$2}'` - or memerror; - chomp($swap_memory); - $swap_memory = $swap_memory * 1024 * 1024; - } - elsif ( $os =~ /windows/i ) { - $physical_memory = -`wmic ComputerSystem get TotalPhysicalMemory | perl -ne "chomp; print if /[0-9]+/;"` - or memerror; - $swap_memory = -`wmic OS get FreeVirtualMemory | perl -ne "chomp; print if /[0-9]+/;"` - or memerror; - } - } - debugprint "Physical Memory: $physical_memory"; - debugprint "Swap Memory: $swap_memory"; - chomp($physical_memory); - chomp($swap_memory); - chomp($os); - $result{'OS'}{'OS Type'} = $os; - $result{'OS'}{'Physical Memory'}{'bytes'} = $physical_memory; - $result{'OS'}{'Physical Memory'}{'pretty'} = hr_bytes($physical_memory); - $result{'OS'}{'Swap Memory'}{'bytes'} = $swap_memory; - $result{'OS'}{'Swap Memory'}{'pretty'} = hr_bytes($swap_memory); - $result{'OS'}{'Other Processes'}{'bytes'} = get_other_process_memory(); - $result{'OS'}{'Other Processes'}{'pretty'} = - hr_bytes( get_other_process_memory() ); -} - -sub get_http_cli { - my $httpcli = which( "curl", $ENV{'PATH'} ); - chomp($httpcli); - if ($httpcli) { - return $httpcli; - } - - $httpcli = which( "wget", $ENV{'PATH'} ); - chomp($httpcli); - if ($httpcli) { - return $httpcli; - } - return ""; -} - -# Checks for updates to MySQLTuner -sub validate_tuner_version { - if ( $opt{'checkversion'} eq 0 and $opt{'updateversion'} eq 0 ) { - print "\n" unless ( $opt{'silent'} or $opt{'json'} ); - infoprint "Skipped version check for MySQLTuner script"; - return; - } - - my $update; - my $url = -"https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; - my $httpcli = get_http_cli(); - if ( $httpcli =~ /curl$/ ) { - debugprint "$httpcli is available."; - - debugprint -"$httpcli -m 3 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2"; - $update = -`$httpcli -m 3 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2`; - chomp($update); - debugprint "VERSION: $update"; - - compare_tuner_version($update); - return; - } - - if ( $httpcli =~ /wget$/ ) { - debugprint "$httpcli is available."; - - debugprint -"$httpcli -e timestamping=off -t 1 -T 3 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2"; - $update = -`$httpcli -e timestamping=off -t 1 -T 3 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2`; - chomp($update); - compare_tuner_version($update); - return; - } - debugprint "curl and wget are not available."; - infoprint "Unable to check for the latest MySQLTuner version"; - infoprint -"Using --pass and --password option is insecure during MySQLTuner execution(Password disclosure)" - if ( defined( $opt{'pass'} ) ); -} - -# Checks for updates to MySQLTuner -sub update_tuner_version { - if ( $opt{'updateversion'} eq 0 ) { - badprint "Skipped version update for MySQLTuner script"; - print "\n" unless ( $opt{'silent'} or $opt{'json'} ); - return; - } - - my $update; - my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/"; - my @scripts = - ( "mysqltuner.pl", "basic_passwords.txt", "vulnerabilities.csv" ); - my $totalScripts = scalar(@scripts); - my $receivedScripts = 0; - my $httpcli = get_http_cli(); - - foreach my $script (@scripts) { - - if ( $httpcli =~ /curl$/ ) { - debugprint "$httpcli is available."; - - debugprint - "$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $script"; - $update = - `$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $script`; - chomp($update); - debugprint "$script updated: $update"; - - if ( -s $script eq 0 ) { - badprint "Couldn't update $script"; - } - else { - ++$receivedScripts; - debugprint "$script updated: $update"; - } - } - elsif ( $httpcli =~ /wget$/ ) { - - debugprint "$httpcli is available."; - - debugprint -"$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'"; - $update = -`$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`; - chomp($update); - - if ( -s $script eq 0 ) { - badprint "Couldn't update $script"; - } - else { - ++$receivedScripts; - debugprint "$script updated: $update"; - } - } - else { - debugprint "curl and wget are not available."; - infoprint "Unable to check for the latest MySQLTuner version"; - } - - } - - if ( $receivedScripts eq $totalScripts ) { - goodprint "Successfully updated MySQLTuner script"; - } - else { - badprint "Couldn't update MySQLTuner script"; - } - - #exit 0; -} - -sub compare_tuner_version { - my $remoteversion = shift; - debugprint "Remote data: $remoteversion"; - - #exit 0; - if ( $remoteversion ne $tunerversion ) { - badprint - "There is a new version of MySQLTuner available($remoteversion)"; - update_tuner_version(); - return; - } - goodprint "You have the latest version of MySQLTuner($tunerversion)"; - return; -} - -# Checks to see if a MySQL login is possible -my ( $mysqllogin, $doremote, $remotestring, $mysqlcmd, $mysqladmincmd ); - -my $osname = $^O; -if ( $osname eq 'MSWin32' ) { - eval { require Win32; } or last; - $osname = Win32::GetOSName(); - infoprint "* Windows OS($osname) is not fully supported.\n"; - - #exit 1; -} - -sub mysql_setup { - $doremote = 0; - $remotestring = ''; - if ( $opt{mysqladmin} ) { - $mysqladmincmd = $opt{mysqladmin}; - } - else { - $mysqladmincmd = which( "mysqladmin", $ENV{'PATH'} ); - } - chomp($mysqladmincmd); - if ( !-e $mysqladmincmd && $opt{mysqladmin} ) { - badprint "Unable to find the mysqladmin command you specified: " - . $mysqladmincmd . ""; - exit 1; - } - elsif ( !-e $mysqladmincmd ) { - badprint "Couldn't find mysqladmin in your \$PATH. Is MySQL installed?"; - exit 1; - } - if ( $opt{mysqlcmd} ) { - $mysqlcmd = $opt{mysqlcmd}; - } - else { - $mysqlcmd = which( "mysql", $ENV{'PATH'} ); - } - chomp($mysqlcmd); - if ( !-e $mysqlcmd && $opt{mysqlcmd} ) { - badprint "Unable to find the mysql command you specified: " - . $mysqlcmd . ""; - exit 1; - } - elsif ( !-e $mysqlcmd ) { - badprint "Couldn't find mysql in your \$PATH. Is MySQL installed?"; - exit 1; - } - $mysqlcmd =~ s/\n$//g; - my $mysqlclidefaults = `$mysqlcmd --print-defaults`; - debugprint "MySQL Client: $mysqlclidefaults"; - if ( $mysqlclidefaults =~ /auto-vertical-output/ ) { - badprint - "Avoid auto-vertical-output in configuration file(s) for MySQL like"; - exit 1; - } - - debugprint "MySQL Client: $mysqlcmd"; - - $opt{port} = ( $opt{port} eq 0 ) ? 3306 : $opt{port}; - - # Are we being asked to connect via a socket? - if ( $opt{socket} ne 0 ) { - $remotestring = " -S $opt{socket} -P $opt{port}"; - } - - # Are we being asked to connect to a remote server? - if ( $opt{host} ne 0 ) { - chomp( $opt{host} ); - -# If we're doing a remote connection, but forcemem wasn't specified, we need to exit - if ( $opt{'forcemem'} eq 0 - && ( $opt{host} ne "127.0.0.1" ) - && ( $opt{host} ne "localhost" ) ) - { - badprint "The --forcemem option is required for remote connections"; - exit 1; - } - infoprint "Performing tests on $opt{host}:$opt{port}"; - $remotestring = " -h $opt{host} -P $opt{port}"; - if ( ( $opt{host} ne "127.0.0.1" ) && ( $opt{host} ne "localhost" ) ) { - $doremote = 1; - } - } - else { - $opt{host} = '127.0.0.1'; - } - - if ( $opt{'ssl-ca'} ne 0 ) { - if ( -e -r -f $opt{'ssl-ca'} ) { - $remotestring .= " --ssl-ca=$opt{'ssl-ca'}"; - infoprint - "Will connect using ssl public key passed on the command line"; - return 1; - } - else { - badprint -"Attempted to use passed ssl public key, but it was not found or could not be read"; - exit 1; - } - } - - # Did we already get a username without password on the command line? - if ( $opt{user} ne 0 and $opt{pass} eq 0 ) { - $mysqllogin = "-u $opt{user} " . $remotestring; - my $loginstatus = `$mysqladmincmd ping $mysqllogin 2>&1`; - if ( $loginstatus =~ /mysqld is alive/ ) { - goodprint "Logged in using credentials passed on the command line"; - return 1; - } - else { - badprint - "Attempted to use login credentials, but they were invalid"; - exit 1; - } - } - - # Did we already get a username and password passed on the command line? - if ( $opt{user} ne 0 and $opt{pass} ne 0 ) { - $mysqllogin = "-u $opt{user} -p'$opt{pass}'" . $remotestring; - my $loginstatus = `$mysqladmincmd ping $mysqllogin 2>&1`; - if ( $loginstatus =~ /mysqld is alive/ ) { - goodprint "Logged in using credentials passed on the command line"; - return 1; - } - else { - badprint - "Attempted to use login credentials, but they were invalid"; - exit 1; - } - } - my $svcprop = which( "svcprop", $ENV{'PATH'} ); - if ( substr( $svcprop, 0, 1 ) =~ "/" ) { - - # We are on solaris - ( my $mysql_login = -`svcprop -p quickbackup/username svc:/network/mysql-quickbackup:default` - ) =~ s/\s+$//; - ( my $mysql_pass = -`svcprop -p quickbackup/password svc:/network/mysql-quickbackup:default` - ) =~ s/\s+$//; - if ( substr( $mysql_login, 0, 7 ) ne "svcprop" ) { - - # mysql-quickbackup is installed - $mysqllogin = "-u $mysql_login -p$mysql_pass"; - my $loginstatus = `mysqladmin $mysqllogin ping 2>&1`; - if ( $loginstatus =~ /mysqld is alive/ ) { - goodprint "Logged in using credentials from mysql-quickbackup."; - return 1; - } - else { - badprint -"Attempted to use login credentials from mysql-quickbackup, but they failed."; - exit 1; - } - } - } - elsif ( -r "/etc/psa/.psa.shadow" and $doremote == 0 ) { - - # It's a Plesk box, use the available credentials - $mysqllogin = "-u admin -p`cat /etc/psa/.psa.shadow`"; - my $loginstatus = `$mysqladmincmd ping $mysqllogin 2>&1`; - unless ( $loginstatus =~ /mysqld is alive/ ) { - - # Plesk 10+ - $mysqllogin = - "-u admin -p`/usr/local/psa/bin/admin --show-password`"; - $loginstatus = `$mysqladmincmd ping $mysqllogin 2>&1`; - unless ( $loginstatus =~ /mysqld is alive/ ) { - badprint -"Attempted to use login credentials from Plesk and Plesk 10+, but they failed."; - exit 1; - } - } - } - elsif ( -r "/usr/local/directadmin/conf/mysql.conf" and $doremote == 0 ) { - - # It's a DirectAdmin box, use the available credentials - my $mysqluser = - `cat /usr/local/directadmin/conf/mysql.conf | egrep '^user=.*'`; - my $mysqlpass = - `cat /usr/local/directadmin/conf/mysql.conf | egrep '^passwd=.*'`; - - $mysqluser =~ s/user=//; - $mysqluser =~ s/[\r\n]//; - $mysqlpass =~ s/passwd=//; - $mysqlpass =~ s/[\r\n]//; - - $mysqllogin = "-u $mysqluser -p$mysqlpass"; - - my $loginstatus = `mysqladmin ping $mysqllogin 2>&1`; - unless ( $loginstatus =~ /mysqld is alive/ ) { - badprint -"Attempted to use login credentials from DirectAdmin, but they failed."; - exit 1; - } - } - elsif ( -r "/etc/mysql/debian.cnf" - and $doremote == 0 - and $opt{'defaults-file'} eq '' ) - { - - # We have a Debian maintenance account, use it - $mysqllogin = "--defaults-file=/etc/mysql/debian.cnf"; - my $loginstatus = `$mysqladmincmd $mysqllogin ping 2>&1`; - if ( $loginstatus =~ /mysqld is alive/ ) { - goodprint - "Logged in using credentials from Debian maintenance account."; - return 1; - } - else { - badprint -"Attempted to use login credentials from Debian maintenance account, but they failed."; - exit 1; - } - } - elsif ( $opt{'defaults-file'} ne '' and -r "$opt{'defaults-file'}" ) { - - # defaults-file - debugprint "defaults file detected: $opt{'defaults-file'}"; - my $mysqlclidefaults = `$mysqlcmd --print-defaults`; - debugprint "MySQL Client Default File: $opt{'defaults-file'}"; - - $mysqllogin = "--defaults-file=" . $opt{'defaults-file'}; - my $loginstatus = `$mysqladmincmd $mysqllogin ping 2>&1`; - if ( $loginstatus =~ /mysqld is alive/ ) { - goodprint "Logged in using credentials from defaults file account."; - return 1; - } - } - else { - - # It's not Plesk or Debian, we should try a login - debugprint "$mysqladmincmd $remotestring ping 2>&1"; - my $loginstatus = `$mysqladmincmd $remotestring ping 2>&1`; - if ( $loginstatus =~ /mysqld is alive/ ) { - - # Login went just fine - $mysqllogin = " $remotestring "; - - # Did this go well because of a .my.cnf file or is there no password set? - my $userpath = `printenv HOME`; - if ( length($userpath) > 0 ) { - chomp($userpath); - } - unless ( -e "${userpath}/.my.cnf" or -e "${userpath}/.mylogin.cnf" ) - { - badprint -"Successfully authenticated with no password - SECURITY RISK!"; - } - return 1; - } - else { - if ( $opt{'noask'} == 1 ) { - badprint - "Attempted to use login credentials, but they were invalid"; - exit 1; - } - my ( $name, $password ); - - # If --user is defined no need to ask for username - if ( $opt{user} ne 0 ) { - $name = $opt{user}; - } - else { - print STDERR "Please enter your MySQL administrative login: "; - $name = ; - } - - # If --pass is defined no need to ask for password - if ( $opt{pass} ne 0 ) { - $password = $opt{pass}; - } - else { - print STDERR - "Please enter your MySQL administrative password: "; - system("stty -echo >$devnull 2>&1"); - $password = ; - system("stty echo >$devnull 2>&1"); - } - chomp($password); - chomp($name); - $mysqllogin = "-u $name"; - - if ( length($password) > 0 ) { - $mysqllogin .= " -p'$password'"; - } - $mysqllogin .= $remotestring; - my $loginstatus = `$mysqladmincmd ping $mysqllogin 2>&1`; - if ( $loginstatus =~ /mysqld is alive/ ) { - print STDERR ""; - if ( !length($password) ) { - - # Did this go well because of a .my.cnf file or is there no password set? - my $userpath = `printenv HOME`; - chomp($userpath); - unless ( -e "$userpath/.my.cnf" ) { - badprint -"Successfully authenticated with no password - SECURITY RISK!"; - } - } - return 1; - } - else { - badprint - "Attempted to use login credentials, but they were invalid."; - exit 1; - } - exit 1; - } - } - -} - -# MySQL Request Array -sub select_array { - my $req = shift; - debugprint "PERFORM: $req "; - my @result = `$mysqlcmd $mysqllogin -Bse "\\w$req" 2>>/dev/null`; - if ( $? != 0 ) { - badprint "failed to execute: $req"; - badprint "FAIL Execute SQL / return code: $?"; - debugprint "CMD : $mysqlcmd"; - debugprint "OPTIONS: $mysqllogin"; - debugprint `$mysqlcmd $mysqllogin -Bse "$req" 2>&1`; - - #exit $?; - } - debugprint "select_array: return code : $?"; - chomp(@result); - return @result; -} - -sub human_size { - my ( $size, $n ) = ( shift, 0 ); - ++$n and $size /= 1024 until $size < 1024; - return sprintf "%.2f %s", $size, (qw[ bytes KB MB GB ])[$n]; -} - -# MySQL Request one -sub select_one { - my $req = shift; - debugprint "PERFORM: $req "; - my $result = `$mysqlcmd $mysqllogin -Bse "\\w$req" 2>>/dev/null`; - if ( $? != 0 ) { - badprint "failed to execute: $req"; - badprint "FAIL Execute SQL / return code: $?"; - debugprint "CMD : $mysqlcmd"; - debugprint "OPTIONS: $mysqllogin"; - debugprint `$mysqlcmd $mysqllogin -Bse "$req" 2>&1`; - - #exit $?; - } - debugprint "select_array: return code : $?"; - chomp($result); - return $result; -} - -# MySQL Request one -sub select_one_g { - my $pattern = shift; - - my $req = shift; - debugprint "PERFORM: $req "; - my @result = `$mysqlcmd $mysqllogin -re "\\w$req\\G" 2>>/dev/null`; - if ( $? != 0 ) { - badprint "failed to execute: $req"; - badprint "FAIL Execute SQL / return code: $?"; - debugprint "CMD : $mysqlcmd"; - debugprint "OPTIONS: $mysqllogin"; - debugprint `$mysqlcmd $mysqllogin -Bse "$req" 2>&1`; - - #exit $?; - } - debugprint "select_array: return code : $?"; - chomp(@result); - return ( grep { /$pattern/ } @result )[0]; -} - -sub select_str_g { - my $pattern = shift; - - my $req = shift; - my $str = select_one_g $pattern, $req; - return () unless defined $str; - my @val = split /:/, $str; - shift @val; - return trim(@val); -} - -sub get_tuning_info { - my @infoconn = select_array "\\s"; - my ( $tkey, $tval ); - @infoconn = - grep { !/Threads:/ and !/Connection id:/ and !/pager:/ and !/Using/ } - @infoconn; - foreach my $line (@infoconn) { - if ( $line =~ /\s*(.*):\s*(.*)/ ) { - debugprint "$1 => $2"; - $tkey = $1; - $tval = $2; - chomp($tkey); - chomp($tval); - $result{'MySQL Client'}{$tkey} = $tval; - } - } - $result{'MySQL Client'}{'Client Path'} = $mysqlcmd; - $result{'MySQL Client'}{'Admin Path'} = $mysqladmincmd; - $result{'MySQL Client'}{'Authentication Info'} = $mysqllogin; - -} - -# Populates all of the variable and status hashes -my ( %mystat, %myvar, $dummyselect, %myrepl, %myslaves ); - -sub arr2hash { - my $href = shift; - my $harr = shift; - my $sep = shift; - $sep = '\s' unless defined($sep); - foreach my $line (@$harr) { - next if ( $line =~ m/^\*\*\*\*\*\*\*/ ); - $line =~ /([a-zA-Z_]*)\s*$sep\s*(.*)/; - $$href{$1} = $2; - debugprint "V: $1 = $2"; - } -} - -sub get_all_vars { - - # We need to initiate at least one query so that our data is useable - $dummyselect = select_one "SELECT VERSION()"; - if ( not defined($dummyselect) or $dummyselect eq "" ) { - badprint -"You probably did not get enough privileges for running MySQLTuner ..."; - exit(256); - } - $dummyselect =~ s/(.*?)\-.*/$1/; - debugprint "VERSION: " . $dummyselect . ""; - $result{'MySQL Client'}{'Version'} = $dummyselect; - - my @mysqlvarlist = select_array("SHOW VARIABLES"); - push( @mysqlvarlist, select_array("SHOW GLOBAL VARIABLES") ); - arr2hash( \%myvar, \@mysqlvarlist ); - $result{'Variables'} = \%myvar; - - my @mysqlstatlist = select_array("SHOW STATUS"); - push( @mysqlstatlist, select_array("SHOW GLOBAL STATUS") ); - arr2hash( \%mystat, \@mysqlstatlist ); - $result{'Status'} = \%mystat; - unless ( defined( $myvar{'innodb_support_xa'} ) ) { - $myvar{'innodb_support_xa'} = 'ON'; - } - $mystat{'Uptime'} = 1 - unless defined( $mystat{'Uptime'} ) - and $mystat{'Uptime'} > 0; - $myvar{'have_galera'} = "NO"; - if ( defined( $myvar{'wsrep_provider_options'} ) - && $myvar{'wsrep_provider_options'} ne "" - && $myvar{'wsrep_on'} ne "OFF" ) - { - $myvar{'have_galera'} = "YES"; - debugprint "Galera options: " . $myvar{'wsrep_provider_options'}; - } - - # Workaround for MySQL bug #59393 wrt. ignore-builtin-innodb - if ( ( $myvar{'ignore_builtin_innodb'} || "" ) eq "ON" ) { - $myvar{'have_innodb'} = "NO"; - } - - # Support GTID MODE FOR MARIADB - # Issue MariaDB GTID mode #272 - $myvar{'gtid_mode'} = $myvar{'gtid_strict_mode'} - if ( defined( $myvar{'gtid_strict_mode'} ) ); - - $myvar{'have_threadpool'} = "NO"; - if ( defined( $myvar{'thread_pool_size'} ) - and $myvar{'thread_pool_size'} > 0 ) - { - $myvar{'have_threadpool'} = "YES"; - } - - # have_* for engines is deprecated and will be removed in MySQL 5.6; - # check SHOW ENGINES and set corresponding old style variables. - # Also works around MySQL bug #59393 wrt. skip-innodb - my @mysqlenginelist = select_array "SHOW ENGINES"; - foreach my $line (@mysqlenginelist) { - if ( $line =~ /^([a-zA-Z_]+)\s+(\S+)/ ) { - my $engine = lc($1); - - if ( $engine eq "federated" || $engine eq "blackhole" ) { - $engine .= "_engine"; - } - elsif ( $engine eq "berkeleydb" ) { - $engine = "bdb"; - } - my $val = ( $2 eq "DEFAULT" ) ? "YES" : $2; - $myvar{"have_$engine"} = $val; - $result{'Storage Engines'}{$engine} = $2; - } - } - debugprint Dumper(@mysqlenginelist); - my @mysqlslave = select_array("SHOW SLAVE STATUS\\G"); - arr2hash( \%myrepl, \@mysqlslave, ':' ); - $result{'Replication'}{'Status'} = \%myrepl; - my @mysqlslaves = select_array "SHOW SLAVE HOSTS"; - my @lineitems = (); - foreach my $line (@mysqlslaves) { - debugprint "L: $line "; - @lineitems = split /\s+/, $line; - $myslaves{ $lineitems[0] } = $line; - $result{'Replication'}{'Slaves'}{ $lineitems[0] } = $lineitems[4]; - } -} - -sub remove_cr { - return map { - my $line = $_; - $line =~ s/\n$//g; - $line =~ s/^\s+$//g; - $line; - } @_; -} - -sub remove_empty { - grep { $_ ne '' } @_; -} - -sub grep_file_contents { - my $file = shift; - my $patt; -} - -sub get_file_contents { - my $file = shift; - open( my $fh, "<", $file ) or die "Can't open $file for read: $!"; - my @lines = <$fh>; - close $fh or die "Cannot close $file: $!"; - @lines = remove_cr @lines; - return @lines; -} - -sub get_basic_passwords { - return get_file_contents(shift); -} - -sub get_log_file_real_path { - my $file = shift; - my $hostname = shift; - my $datadir = shift; - if ( -f "$file" ) { - return $file; - } - elsif ( -f "$hostname.err" ) { - return "$hostname.err"; - } - elsif ( $datadir ne "" ) { - return "$datadir$hostname.err"; - } - else { - return $file; - } -} - -sub log_file_recommendations { - $myvar{'log_error'} = - get_log_file_real_path( $myvar{'log_error'}, $myvar{'hostname'}, - $myvar{'datadir'} ); - subheaderprint "Log file Recommendations"; - infoprint "Log file: " - . $myvar{'log_error'} . "(" - . hr_bytes_rnd( ( stat $myvar{'log_error'} )[7] ) . ")"; - if ( -f "$myvar{'log_error'}" ) { - goodprint "Log file $myvar{'log_error'} exists"; - } - else { - badprint "Log file $myvar{'log_error'} doesn't exist"; - } - if ( -r "$myvar{'log_error'}" ) { - goodprint "Log file $myvar{'log_error'} is readable."; - } - else { - badprint "Log file $myvar{'log_error'} isn't readable."; - return; - } - if ( ( stat $myvar{'log_error'} )[7] > 0 ) { - goodprint "Log file $myvar{'log_error'} is not empty"; - } - else { - badprint "Log file $myvar{'log_error'} is empty"; - } - - if ( ( stat $myvar{'log_error'} )[7] < 32 * 1024 * 1024 ) { - goodprint "Log file $myvar{'log_error'} is smaller than 32 Mb"; - } - else { - badprint "Log file $myvar{'log_error'} is bigger than 32 Mb"; - push @generalrec, - $myvar{'log_error'} - . " is > 32Mb, you should analyze why or implement a rotation log strategy such as logrotate!"; - } - - my $numLi = 0; - my $nbWarnLog = 0; - my $nbErrLog = 0; - my @lastShutdowns; - my @lastStarts; - - open( my $fh, '<', $myvar{'log_error'} ) - or die "Can't open $myvar{'log_error'} for read: $!"; - - while ( my $logLi = <$fh> ) { - chomp $logLi; - $numLi++; - debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i; - $nbErrLog++ if $logLi =~ /error/i; - $nbWarnLog++ if $logLi =~ /warning/i; - push @lastShutdowns, $logLi - if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; - push @lastStarts, $logLi if $logLi =~ /ready for connections/; - } - close $fh; - - if ( $nbWarnLog > 0 ) { - badprint "$myvar{'log_error'} contains $nbWarnLog warning(s)."; - push @generalrec, - "Control warning line(s) into $myvar{'log_error'} file"; - } - else { - goodprint "$myvar{'log_error'} doesn't contain any warning."; - } - if ( $nbErrLog > 0 ) { - badprint "$myvar{'log_error'} contains $nbErrLog error(s)."; - push @generalrec, "Control error line(s) into $myvar{'log_error'} file"; - } - else { - goodprint "$myvar{'log_error'} doesn't contain any error."; - } - - infoprint scalar @lastStarts . " start(s) detected in $myvar{'log_error'}"; - my $nStart = 0; - my $nEnd = 10; - if ( scalar @lastStarts < $nEnd ) { - $nEnd = scalar @lastStarts; - } - for my $startd ( reverse @lastStarts[ -$nEnd .. -1 ] ) { - $nStart++; - infoprint "$nStart) $startd"; - } - infoprint scalar @lastShutdowns - . " shutdown(s) detected in $myvar{'log_error'}"; - $nStart = 0; - $nEnd = 10; - if ( scalar @lastShutdowns < $nEnd ) { - $nEnd = scalar @lastShutdowns; - } - for my $shutd ( reverse @lastShutdowns[ -$nEnd .. -1 ] ) { - $nStart++; - infoprint "$nStart) $shutd"; - } - - #exit 0; -} - -sub cve_recommendations { - subheaderprint "CVE Security Recommendations"; - unless ( defined( $opt{cvefile} ) && -f "$opt{cvefile}" ) { - infoprint "Skipped due to --cvefile option undefined"; - return; - } - -#$mysqlvermajor=10; -#$mysqlverminor=1; -#$mysqlvermicro=17; -#prettyprint "Look for related CVE for $myvar{'version'} or lower in $opt{cvefile}"; - my $cvefound = 0; - open( my $fh, "<", $opt{cvefile} ) - or die "Can't open $opt{cvefile} for read: $!"; - while ( my $cveline = <$fh> ) { - my @cve = split( ';', $cveline ); - debugprint -"Comparing $mysqlvermajor\.$mysqlverminor\.$mysqlvermicro with $cve[1]\.$cve[2]\.$cve[3] : " - . ( mysql_version_le( $cve[1], $cve[2], $cve[3] ) ? '<=' : '>' ); - - # Avoid not major/minor version corresponding CVEs - next - unless ( int( $cve[1] ) == $mysqlvermajor - && int( $cve[2] ) == $mysqlverminor ); - if ( int( $cve[3] ) >= $mysqlvermicro ) { - badprint "$cve[4](<= $cve[1]\.$cve[2]\.$cve[3]) : $cve[6]"; - $result{'CVE'}{'List'}{$cvefound} = - "$cve[4](<= $cve[1]\.$cve[2]\.$cve[3]) : $cve[6]"; - $cvefound++; - } - } - close $fh or die "Cannot close $opt{cvefile}: $!"; - $result{'CVE'}{'nb'} = $cvefound; - - my $cve_warning_notes = ""; - if ( $cvefound == 0 ) { - goodprint "NO SECURITY CVE FOUND FOR YOUR VERSION"; - return; - } - if ( $mysqlvermajor eq 5 and $mysqlverminor eq 5 ) { - infoprint - "False positive CVE(s) for MySQL and MariaDB 5.5.x can be found."; - infoprint "Check careful each CVE for those particular versions"; - } - badprint $cvefound . " CVE(s) found for your MySQL release."; - push( @generalrec, - $cvefound - . " CVE(s) found for your MySQL release. Consider upgrading your version !" - ); -} - -sub get_opened_ports { - my @opened_ports = `netstat -ltn`; - @opened_ports = map { - my $v = $_; - $v =~ s/.*:(\d+)\s.*$/$1/; - $v =~ s/\D//g; - $v; - } @opened_ports; - @opened_ports = sort { $a <=> $b } grep { !/^$/ } @opened_ports; - debugprint Dumper \@opened_ports; - $result{'Network'}{'TCP Opened'} = \@opened_ports; - return @opened_ports; -} - -sub is_open_port { - my $port = shift; - if ( grep { /^$port$/ } get_opened_ports ) { - return 1; - } - return 0; -} - -sub get_process_memory { - my $pid = shift; - my @mem = `ps -p $pid -o rss`; - return 0 if scalar @mem != 2; - return $mem[1] * 1024; -} - -sub get_other_process_memory { - return 0 if ( $opt{tbstat} == 0 ); - my @procs = `ps eaxo pid,command`; - @procs = map { - my $v = $_; - $v =~ s/.*PID.*//; - $v =~ s/.*mysqld.*//; - $v =~ s/.*\[.*\].*//; - $v =~ s/^\s+$//g; - $v =~ s/.*PID.*CMD.*//; - $v =~ s/.*systemd.*//; - $v =~ s/\s*?(\d+)\s*.*/$1/g; - $v; - } @procs; - @procs = remove_cr @procs; - @procs = remove_empty @procs; - my $totalMemOther = 0; - map { $totalMemOther += get_process_memory($_); } @procs; - return $totalMemOther; -} - -sub get_os_release { - if ( -f "/etc/lsb-release" ) { - my @info_release = get_file_contents "/etc/lsb-release"; - my $os_release = $info_release[3]; - $os_release =~ s/.*="//; - $os_release =~ s/"$//; - return $os_release; - } - - if ( -f "/etc/system-release" ) { - my @info_release = get_file_contents "/etc/system-release"; - return $info_release[0]; - } - - if ( -f "/etc/os-release" ) { - my @info_release = get_file_contents "/etc/os-release"; - my $os_release = $info_release[0]; - $os_release =~ s/.*="//; - $os_release =~ s/"$//; - return $os_release; - } - - if ( -f "/etc/issue" ) { - my @info_release = get_file_contents "/etc/issue"; - my $os_release = $info_release[0]; - $os_release =~ s/\s+\\n.*//; - return $os_release; - } - return "Unknown OS release"; -} - -sub get_fs_info { - my @sinfo = `df -P | grep '%'`; - my @iinfo = `df -Pi| grep '%'`; - shift @iinfo; - @sinfo = map { - my $v = $_; - $v =~ s/.*\s(\d+)%\s+(.*)/$1\t$2/g; - $v; - } @sinfo; - foreach my $info (@sinfo) { - next if $info =~ m{(\d+)\t/(run|dev|sys|proc)($|/)}; - if ( $info =~ /(\d+)\t(.*)/ ) { - if ( $1 > 85 ) { - badprint "mount point $2 is using $1 % total space"; - push( @generalrec, "Add some space to $2 mountpoint." ); - } - else { - infoprint "mount point $2 is using $1 % of total space"; - } - $result{'Filesystem'}{'Space Pct'}{$2} = $1; - } - } - - @iinfo = map { - my $v = $_; - $v =~ s/.*\s(\d+)%\s+(.*)/$1\t$2/g; - $v; - } @iinfo; - foreach my $info (@iinfo) { - next if $info =~ m{(\d+)\t/(run|dev|sys|proc)($|/)}; - if ( $info =~ /(\d+)\t(.*)/ ) { - if ( $1 > 85 ) { - badprint "mount point $2 is using $1 % of max allowed inodes"; - push( @generalrec, -"Cleanup files from $2 mountpoint or reformat you filesystem." - ); - } - else { - infoprint "mount point $2 is using $1 % of max allowed inodes"; - } - $result{'Filesystem'}{'Inode Pct'}{$2} = $1; - } - } -} - -sub merge_hash { - my $h1 = shift; - my $h2 = shift; - my %result = {}; - foreach my $substanceref ( $h1, $h2 ) { - while ( my ( $k, $v ) = each %$substanceref ) { - next if ( exists $result{$k} ); - $result{$k} = $v; - } - } - return \%result; -} - -sub is_virtual_machine { - my $isVm = `grep -Ec '^flags.*\ hypervisor\ ' /proc/cpuinfo`; - return ( $isVm == 0 ? 0 : 1 ); -} - -sub infocmd { - my $cmd = "@_"; - debugprint "CMD: $cmd"; - my @result = `$cmd`; - @result = remove_cr @result; - for my $l (@result) { - infoprint "$l"; - } -} - -sub infocmd_tab { - my $cmd = "@_"; - debugprint "CMD: $cmd"; - my @result = `$cmd`; - @result = remove_cr @result; - for my $l (@result) { - infoprint "\t$l"; - } -} - -sub infocmd_one { - my $cmd = "@_"; - my @result = `$cmd 2>&1`; - @result = remove_cr @result; - return join ', ', @result; -} - -sub get_kernel_info { - my @params = ( - 'fs.aio-max-nr', 'fs.aio-nr', - 'fs.file-max', 'sunrpc.tcp_fin_timeout', - 'sunrpc.tcp_max_slot_table_entries', 'sunrpc.tcp_slot_table_entries', - 'vm.swappiness' - ); - infoprint "Information about kernel tuning:"; - foreach my $param (@params) { - infocmd_tab("sysctl $param 2>/dev/null"); - $result{'OS'}{'Config'}{$param} = `sysctl -n $param 2>/dev/null`; - } - if ( `sysctl -n vm.swappiness` > 10 ) { - badprint - "Swappiness is > 10, please consider having a value lower than 10"; - push @generalrec, "setup swappiness lower or equals to 10"; - push @adjvars, - 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; - } - else { - infoprint "Swappiness is < 10."; - } - - # only if /proc/sys/sunrpc exists - my $tcp_slot_entries = - `sysctl -n sunrpc.tcp_slot_table_entries 2>/dev/null`; - if ( -f "/proc/sys/sunrpc" - and ( $tcp_slot_entries eq '' or $tcp_slot_entries < 100 ) ) - { - badprint -"Initial TCP slot entries is < 1M, please consider having a value greater than 100"; - push @generalrec, "setup Initial TCP slot entries greater than 100"; - push @adjvars, -'sunrpc.tcp_slot_table_entries > 100 (echo 128 > /proc/sys/sunrpc/tcp_slot_table_entries)'; - } - else { - infoprint "TCP slot entries is > 100."; - } - - if ( `sysctl -n fs.aio-max-nr` < 1000000 ) { - badprint -"Max running total of the number of events is < 1M, please consider having a value greater than 1M"; - push @generalrec, "setup Max running number events greater than 1M"; - push @adjvars, - 'fs.aio-max-nr > 1M (echo 1048576 > /proc/sys/fs/aio-max-nr)'; - } - else { - infoprint "Max Number of AIO events is > 1M."; - } - -} - -sub get_system_info { - $result{'OS'}{'Release'} = get_os_release(); - infoprint get_os_release; - if (is_virtual_machine) { - infoprint "Machine type : Virtual machine"; - $result{'OS'}{'Virtual Machine'} = 'YES'; - } - else { - infoprint "Machine type : Physical machine"; - $result{'OS'}{'Virtual Machine'} = 'NO'; - } - - $result{'Network'}{'Connected'} = 'NO'; - `ping -c 1 ipecho.net &>/dev/null`; - my $isConnected = $?; - if ( $? == 0 ) { - infoprint "Internet : Connected"; - $result{'Network'}{'Connected'} = 'YES'; - } - else { - badprint "Internet : Disconnected"; - } - $result{'OS'}{'NbCore'} = cpu_cores; - infoprint "Number of Core CPU : " . cpu_cores; - $result{'OS'}{'Type'} = `uname -o`; - infoprint "Operating System Type : " . infocmd_one "uname -o"; - $result{'OS'}{'Kernel'} = `uname -r`; - infoprint "Kernel Release : " . infocmd_one "uname -r"; - $result{'OS'}{'Hostname'} = `hostname`; - $result{'Network'}{'Internal Ip'} = `hostname -I`; - infoprint "Hostname : " . infocmd_one "hostname"; - infoprint "Network Cards : "; - infocmd_tab "ifconfig| grep -A1 mtu"; - infoprint "Internal IP : " . infocmd_one "hostname -I"; - $result{'Network'}{'Internal Ip'} = `ifconfig| grep -A1 mtu`; - my $httpcli = get_http_cli(); - infoprint "HTTP client found: $httpcli" if defined $httpcli; - - my $ext_ip = ""; - if ( $httpcli =~ /curl$/ ) { - $ext_ip = infocmd_one "$httpcli -m 3 ipecho.net/plain"; - } - elsif ( $httpcli =~ /wget$/ ) { - - $ext_ip = infocmd_one "$httpcli -t 1 -T 3 -q -O - ipecho.net/plain"; - } - infoprint "External IP : " . $ext_ip; - $result{'Network'}{'External Ip'} = $ext_ip; - badprint - "External IP : Can't check because of Internet connectivity" - unless defined($httpcli); - infoprint "Name Servers : " - . infocmd_one "grep 'nameserver' /etc/resolv.conf \| awk '{print \$2}'"; - infoprint "Logged In users : "; - infocmd_tab "who"; - $result{'OS'}{'Logged users'} = `who`; - infoprint "Ram Usages in Mb : "; - infocmd_tab "free -m | grep -v +"; - $result{'OS'}{'Free Memory RAM'} = `free -m | grep -v +`; - infoprint "Load Average : "; - infocmd_tab "top -n 1 -b | grep 'load average:'"; - $result{'OS'}{'Load Average'} = `top -n 1 -b | grep 'load average:'`; - - infoprint "System Uptime : "; - infocmd_tab "uptime"; - $result{'OS'}{'Uptime'} = `uptime`; -} - -sub system_recommendations { - return if ( $opt{sysstat} == 0 ); - subheaderprint "System Linux Recommendations"; - my $os = `uname`; - unless ( $os =~ /Linux/i ) { - infoprint "Skipped due to non Linux server"; - return; - } - prettyprint "Look for related Linux system recommendations"; - - #prettyprint '-'x78; - get_system_info(); - my $omem = get_other_process_memory; - infoprint "User process except mysqld used " - . hr_bytes_rnd($omem) . " RAM."; - if ( ( 0.15 * $physical_memory ) < $omem ) { - badprint -"Other user process except mysqld used more than 15% of total physical memory " - . percentage( $omem, $physical_memory ) . "% (" - . hr_bytes_rnd($omem) . " / " - . hr_bytes_rnd($physical_memory) . ")"; - push( @generalrec, -"Consider stopping or dedicate server for additional process other than mysqld." - ); - push( @adjvars, -"DON'T APPLY SETTINGS BECAUSE THERE ARE TOO MANY PROCESSES RUNNING ON THIS SERVER. OOM KILL CAN OCCUR!" - ); - } - else { - infoprint -"Other user process except mysqld used less than 15% of total physical memory " - . percentage( $omem, $physical_memory ) . "% (" - . hr_bytes_rnd($omem) . " / " - . hr_bytes_rnd($physical_memory) . ")"; - } - - if ( $opt{'maxportallowed'} > 0 ) { - my @opened_ports = get_opened_ports; - infoprint "There is " - . scalar @opened_ports - . " listening port(s) on this server."; - if ( scalar(@opened_ports) > $opt{'maxportallowed'} ) { - badprint "There is too many listening ports: " - . scalar(@opened_ports) - . " opened > " - . $opt{'maxportallowed'} - . "allowed."; - push( @generalrec, -"Consider dedicating a server for your database installation with less services running on !" - ); - } - else { - goodprint "There is less than " - . $opt{'maxportallowed'} - . " opened ports on this server."; - } - } - - foreach my $banport (@banned_ports) { - if ( is_open_port($banport) ) { - badprint "Banned port: $banport is opened.."; - push( @generalrec, -"Port $banport is opened. Consider stopping program handling this port." - ); - } - else { - goodprint "$banport is not opened."; - } - } - - get_fs_info; - get_kernel_info; -} - -sub security_recommendations { - subheaderprint "Security Recommendations"; - - if ( mysql_version_eq(8) ) { - infoprint "Skipped due to unsupported feature for MySQL 8"; - return; - } - - #exit 0; - if ( $opt{skippassword} eq 1 ) { - infoprint "Skipped due to --skippassword option"; - return; - } - - my $PASS_COLUMN_NAME = 'password'; - if ( $myvar{'version'} =~ /5\.7|10\..*MariaDB*/ ) { - my $password_column_exists = -`$mysqlcmd $mysqllogin -Bse "SELECT 1 FROM information_schema.columns WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME = 'password'" 2>>/dev/null`; - if ($password_column_exists) { - $PASS_COLUMN_NAME = -"IF(plugin='mysql_native_password', authentication_string, password)"; - } - else { - $PASS_COLUMN_NAME = 'authentication_string'; - } - } - debugprint "Password column = $PASS_COLUMN_NAME"; - - # Looking for Anonymous users - my @mysqlstatlist = select_array -"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE TRIM(USER) = '' OR USER IS NULL"; - debugprint Dumper \@mysqlstatlist; - - #exit 0; - if (@mysqlstatlist) { - foreach my $line ( sort @mysqlstatlist ) { - chomp($line); - badprint "User '" . $line . "' is an anonymous account."; - } - push( @generalrec, - "Remove Anonymous User accounts - there are " - . scalar(@mysqlstatlist) - . " anonymous accounts." ); - } - else { - goodprint "There are no anonymous accounts for any database users"; - } - if ( mysql_version_le( 5, 1 ) ) { - badprint "No more password checks for MySQL version <=5.1"; - badprint "MySQL version <=5.1 are deprecated and end of support."; - return; - } - - # Looking for Empty Password - if ( mysql_version_ge( 5, 5 ) ) { - @mysqlstatlist = select_array -"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL) AND plugin NOT IN ('unix_socket', 'win_socket', 'auth_pam_compat')"; - } - else { - @mysqlstatlist = select_array -"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL)"; - } - if (@mysqlstatlist) { - foreach my $line ( sort @mysqlstatlist ) { - chomp($line); - badprint "User '" . $line . "' has no password set."; - } - push( @generalrec, -"Set up a Password for user with the following SQL statement ( SET PASSWORD FOR 'user'\@'SpecificDNSorIp' = PASSWORD('secure_password'); )" - ); - } - else { - goodprint "All database users have passwords assigned"; - } - - if ( mysql_version_ge( 5, 7 ) ) { - my $valPlugin = select_one( -"select count(*) from information_schema.plugins where PLUGIN_NAME='validate_password' AND PLUGIN_STATUS='ACTIVE'" - ); - if ( $valPlugin >= 1 ) { - infoprint -"Bug #80860 MySQL 5.7: Avoid testing password when validate_password is activated"; - return; - } - } - - # Looking for User with user/ uppercase /capitalise user as password - @mysqlstatlist = select_array -"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(user) OR CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(UPPER(user)) OR CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(CONCAT(UPPER(LEFT(User, 1)), SUBSTRING(User, 2, LENGTH(User))))"; - if (@mysqlstatlist) { - foreach my $line ( sort @mysqlstatlist ) { - chomp($line); - badprint "User '" . $line . "' has user name as password."; - } - push( @generalrec, -"Set up a Secure Password for user\@host ( SET PASSWORD FOR 'user'\@'SpecificDNSorIp' = PASSWORD('secure_password'); )" - ); - } - - @mysqlstatlist = select_array - "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE HOST='%'"; - if (@mysqlstatlist) { - foreach my $line ( sort @mysqlstatlist ) { - chomp($line); - badprint "User '" . $line - . "' does not specify hostname restrictions."; - } - push( @generalrec, - "Restrict Host for user\@% to user\@SpecificDNSorIp" ); - } - - unless ( -f $basic_password_files ) { - badprint "There is no basic password file list!"; - return; - } - - my @passwords = get_basic_passwords $basic_password_files; - infoprint "There are " - . scalar(@passwords) - . " basic passwords in the list."; - my $nbins = 0; - my $passreq; - if (@passwords) { - my $nbInterPass = 0; - foreach my $pass (@passwords) { - $nbInterPass++; - - $pass =~ s/\s//g; - $pass =~ s/\'/\\\'/g; - chomp($pass); - - # Looking for User with user/ uppercase /capitalise weak password - @mysqlstatlist = - select_array -"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE $PASS_COLUMN_NAME = PASSWORD('" - . $pass - . "') OR $PASS_COLUMN_NAME = PASSWORD(UPPER('" - . $pass - . "')) OR $PASS_COLUMN_NAME = PASSWORD(CONCAT(UPPER(LEFT('" - . $pass - . "', 1)), SUBSTRING('" - . $pass - . "', 2, LENGTH('" - . $pass . "'))))"; - debugprint "There is " . scalar(@mysqlstatlist) . " items."; - if (@mysqlstatlist) { - foreach my $line (@mysqlstatlist) { - chomp($line); - badprint "User '" . $line - . "' is using weak password: $pass in a lower, upper or capitalize derivative version."; - $nbins++; - } - } - debugprint "$nbInterPass / " . scalar(@passwords) - if ( $nbInterPass % 1000 == 0 ); - } - } - if ( $nbins > 0 ) { - push( @generalrec, $nbins . " user(s) used basic or weak password." ); - } -} - -sub get_replication_status { - subheaderprint "Replication Metrics"; - infoprint "Galera Synchronous replication: " . $myvar{'have_galera'}; - if ( scalar( keys %myslaves ) == 0 ) { - infoprint "No replication slave(s) for this server."; - } - else { - infoprint "This server is acting as master for " - . scalar( keys %myslaves ) - . " server(s)."; - } - infoprint "Binlog format: " . $myvar{'binlog_format'}; - infoprint "XA support enabled: " . $myvar{'innodb_support_xa'}; - - infoprint "Semi synchronous replication Master: " - . ( - defined( $myvar{'rpl_semi_sync_master_enabled'} ) - ? $myvar{'rpl_semi_sync_master_enabled'} - : 'Not Activated' - ); - infoprint "Semi synchronous replication Slave: " - . ( - defined( $myvar{'rpl_semi_sync_slave_enabled'} ) - ? $myvar{'rpl_semi_sync_slave_enabled'} - : 'Not Activated' - ); - if ( scalar( keys %myrepl ) == 0 and scalar( keys %myslaves ) == 0 ) { - infoprint "This is a standalone server"; - return; - } - if ( scalar( keys %myrepl ) == 0 ) { - infoprint - "No replication setup for this server or replication not started."; - return; - } - - $result{'Replication'}{'status'} = \%myrepl; - my ($io_running) = $myrepl{'Slave_IO_Running'}; - debugprint "IO RUNNING: $io_running "; - my ($sql_running) = $myrepl{'Slave_SQL_Running'}; - debugprint "SQL RUNNING: $sql_running "; - my ($seconds_behind_master) = $myrepl{'Seconds_Behind_Master'}; - debugprint "SECONDS : $seconds_behind_master "; - - if ( defined($io_running) - and ( $io_running !~ /yes/i or $sql_running !~ /yes/i ) ) - { - badprint - "This replication slave is not running but seems to be configured."; - } - if ( defined($io_running) - && $io_running =~ /yes/i - && $sql_running =~ /yes/i ) - { - if ( $myvar{'read_only'} eq 'OFF' ) { - badprint -"This replication slave is running with the read_only option disabled."; - } - else { - goodprint -"This replication slave is running with the read_only option enabled."; - } - if ( $seconds_behind_master > 0 ) { - badprint -"This replication slave is lagging and slave has $seconds_behind_master second(s) behind master host."; - } - else { - goodprint "This replication slave is up to date with master."; - } - } -} - -sub validate_mysql_version { - ( $mysqlvermajor, $mysqlverminor, $mysqlvermicro ) = - $myvar{'version'} =~ /^(\d+)(?:\.(\d+)|)(?:\.(\d+)|)/; - $mysqlverminor ||= 0; - $mysqlvermicro ||= 0; - if ( !mysql_version_ge( 5, 1 ) ) { - badprint "Your MySQL version " - . $myvar{'version'} - . " is EOL software! Upgrade soon!"; - } - elsif ( ( mysql_version_ge(6) and mysql_version_le(9) ) - or mysql_version_ge(12) ) - { - badprint "Currently running unsupported MySQL version " - . $myvar{'version'} . ""; - } - else { - goodprint "Currently running supported MySQL version " - . $myvar{'version'} . ""; - } -} - -# Checks if MySQL version is equal to (major, minor, micro) -sub mysql_version_eq { - my ( $maj, $min, $mic ) = @_; - return int($mysqlvermajor) == int($maj) - if ( !defined($min) && !defined($mic) ); - return int($mysqlvermajor) == int($maj) && int($mysqlverminor) == int($min) - if ( !defined($mic) ); - return ( int($mysqlvermajor) == int($maj) - && int($mysqlverminor) == int($min) - && int($mysqlvermicro) == int($mic) ); -} - -# Checks if MySQL version is greater than equal to (major, minor, micro) -sub mysql_version_ge { - my ( $maj, $min, $mic ) = @_; - $min ||= 0; - $mic ||= 0; - return - int($mysqlvermajor) > int($maj) - || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) > int($min) ) - || ( int($mysqlvermajor) == int($maj) - && int($mysqlverminor) == int($min) - && int($mysqlvermicro) >= int($mic) ); -} - -# Checks if MySQL version is lower than equal to (major, minor, micro) -sub mysql_version_le { - my ( $maj, $min, $mic ) = @_; - $min ||= 0; - $mic ||= 0; - return - int($mysqlvermajor) < int($maj) - || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) < int($min) ) - || ( int($mysqlvermajor) == int($maj) - && int($mysqlverminor) == int($min) - && int($mysqlvermicro) <= int($mic) ); -} - -# Checks if MySQL micro version is lower than equal to (major, minor, micro) -sub mysql_micro_version_le { - my ( $maj, $min, $mic ) = @_; - return $mysqlvermajor == $maj - && ( $mysqlverminor == $min - && $mysqlvermicro <= $mic ); -} - -# Checks for 32-bit boxes with more than 2GB of RAM -my ($arch); - -sub check_architecture { - if ( $doremote eq 1 ) { return; } - if ( `uname` =~ /SunOS/ && `isainfo -b` =~ /64/ ) { - $arch = 64; - goodprint "Operating on 64-bit architecture"; - } - elsif ( `uname` !~ /SunOS/ && `uname -m` =~ /(64|s390x)/ ) { - $arch = 64; - goodprint "Operating on 64-bit architecture"; - } - elsif ( `uname` =~ /AIX/ && `bootinfo -K` =~ /64/ ) { - $arch = 64; - goodprint "Operating on 64-bit architecture"; - } - elsif ( `uname` =~ /NetBSD|OpenBSD/ && `sysctl -b hw.machine` =~ /64/ ) { - $arch = 64; - goodprint "Operating on 64-bit architecture"; - } - elsif ( `uname` =~ /FreeBSD/ && `sysctl -b hw.machine_arch` =~ /64/ ) { - $arch = 64; - goodprint "Operating on 64-bit architecture"; - } - elsif ( `uname` =~ /Darwin/ && `uname -m` =~ /Power Macintosh/ ) { - -# Darwin box.local 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:57:01 PDT 2009; root:xnu1228.15.4~1/RELEASE_PPC Power Macintosh - $arch = 64; - goodprint "Operating on 64-bit architecture"; - } - elsif ( `uname` =~ /Darwin/ && `uname -m` =~ /x86_64/ ) { - -# Darwin gibas.local 12.3.0 Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64 x86_64 - $arch = 64; - goodprint "Operating on 64-bit architecture"; - } - else { - $arch = 32; - if ( $physical_memory > 2147483648 ) { - badprint -"Switch to 64-bit OS - MySQL cannot currently use all of your RAM"; - } - else { - goodprint "Operating on 32-bit architecture with less than 2GB RAM"; - } - } - $result{'OS'}{'Architecture'} = "$arch bits"; - -} - -# Start up a ton of storage engine counts/statistics -my ( %enginestats, %enginecount, $fragtables ); - -sub check_storage_engines { - if ( $opt{skipsize} eq 1 ) { - subheaderprint "Storage Engine Statistics"; - infoprint "Skipped due to --skipsize option"; - return; - } - subheaderprint "Storage Engine Statistics"; - - my $engines; - if ( mysql_version_ge( 5, 5 ) ) { - my @engineresults = select_array -"SELECT ENGINE,SUPPORT FROM information_schema.ENGINES ORDER BY ENGINE ASC"; - foreach my $line (@engineresults) { - my ( $engine, $engineenabled ); - ( $engine, $engineenabled ) = $line =~ /([a-zA-Z_]*)\s+([a-zA-Z]+)/; - $result{'Engine'}{$engine}{'Enabled'} = $engineenabled; - $engines .= - ( $engineenabled eq "YES" || $engineenabled eq "DEFAULT" ) - ? greenwrap "+" . $engine . " " - : redwrap "-" . $engine . " "; - } - } - elsif ( mysql_version_ge( 5, 1, 5 ) ) { - my @engineresults = select_array -"SELECT ENGINE,SUPPORT FROM information_schema.ENGINES WHERE ENGINE NOT IN ('performance_schema','MyISAM','MERGE','MEMORY') ORDER BY ENGINE ASC"; - foreach my $line (@engineresults) { - my ( $engine, $engineenabled ); - ( $engine, $engineenabled ) = $line =~ /([a-zA-Z_]*)\s+([a-zA-Z]+)/; - $result{'Engine'}{$engine}{'Enabled'} = $engineenabled; - $engines .= - ( $engineenabled eq "YES" || $engineenabled eq "DEFAULT" ) - ? greenwrap "+" . $engine . " " - : redwrap "-" . $engine . " "; - } - } - else { - $engines .= - ( defined $myvar{'have_archive'} && $myvar{'have_archive'} eq "YES" ) - ? greenwrap "+Archive " - : redwrap "-Archive "; - $engines .= - ( defined $myvar{'have_bdb'} && $myvar{'have_bdb'} eq "YES" ) - ? greenwrap "+BDB " - : redwrap "-BDB "; - $engines .= - ( defined $myvar{'have_federated_engine'} - && $myvar{'have_federated_engine'} eq "YES" ) - ? greenwrap "+Federated " - : redwrap "-Federated "; - $engines .= - ( defined $myvar{'have_innodb'} && $myvar{'have_innodb'} eq "YES" ) - ? greenwrap "+InnoDB " - : redwrap "-InnoDB "; - $engines .= - ( defined $myvar{'have_isam'} && $myvar{'have_isam'} eq "YES" ) - ? greenwrap "+ISAM " - : redwrap "-ISAM "; - $engines .= - ( defined $myvar{'have_ndbcluster'} - && $myvar{'have_ndbcluster'} eq "YES" ) - ? greenwrap "+NDBCluster " - : redwrap "-NDBCluster "; - } - - my @dblist = grep { $_ ne 'lost+found' } select_array "SHOW DATABASES"; - - $result{'Databases'}{'List'} = [@dblist]; - infoprint "Status: $engines"; - if ( mysql_version_ge( 5, 1, 5 ) ) { - -# MySQL 5 servers can have table sizes calculated quickly from information schema - my @templist = select_array -"SELECT ENGINE,SUM(DATA_LENGTH+INDEX_LENGTH),COUNT(ENGINE),SUM(DATA_LENGTH),SUM(INDEX_LENGTH) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema', 'performance_schema', 'mysql') AND ENGINE IS NOT NULL GROUP BY ENGINE ORDER BY ENGINE ASC;"; - - my ( $engine, $size, $count, $dsize, $isize ); - foreach my $line (@templist) { - ( $engine, $size, $count, $dsize, $isize ) = - $line =~ /([a-zA-Z_]+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)/; - debugprint "Engine Found: $engine"; - next unless ( defined($engine) ); - $size = 0 unless defined($size); - $isize = 0 unless defined($isize); - $dsize = 0 unless defined($dsize); - $count = 0 unless defined($count); - $enginestats{$engine} = $size; - $enginecount{$engine} = $count; - $result{'Engine'}{$engine}{'Table Number'} = $count; - $result{'Engine'}{$engine}{'Total Size'} = $size; - $result{'Engine'}{$engine}{'Data Size'} = $dsize; - $result{'Engine'}{$engine}{'Index Size'} = $isize; - } - my $not_innodb = ''; - if ( not defined $result{'Variables'}{'innodb_file_per_table'} ) { - $not_innodb = "AND NOT ENGINE='InnoDB'"; - } - elsif ( $result{'Variables'}{'innodb_file_per_table'} eq 'OFF' ) { - $not_innodb = "AND NOT ENGINE='InnoDB'"; - } - $result{'Tables'}{'Fragmented tables'} = - [ select_array -"SELECT CONCAT(CONCAT(TABLE_SCHEMA, '.'), TABLE_NAME),DATA_FREE FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema','performance_schema', 'mysql') AND DATA_LENGTH/1024/1024>100 AND DATA_FREE*100/(DATA_LENGTH+INDEX_LENGTH+DATA_FREE) > 10 AND NOT ENGINE='MEMORY' $not_innodb" - ]; - $fragtables = scalar @{ $result{'Tables'}{'Fragmented tables'} }; - - } - else { - - # MySQL < 5 servers take a lot of work to get table sizes - my @tblist; - -# Now we build a database list, and loop through it to get storage engine stats for tables - foreach my $db (@dblist) { - chomp($db); - if ( $db eq "information_schema" - or $db eq "performance_schema" - or $db eq "mysql" - or $db eq "lost+found" ) - { - next; - } - my @ixs = ( 1, 6, 9 ); - if ( !mysql_version_ge( 4, 1 ) ) { - - # MySQL 3.23/4.0 keeps Data_Length in the 5th (0-based) column - @ixs = ( 1, 5, 8 ); - } - push( @tblist, - map { [ (split)[@ixs] ] } - select_array "SHOW TABLE STATUS FROM \\\`$db\\\`" ); - } - - # Parse through the table list to generate storage engine counts/statistics - $fragtables = 0; - foreach my $tbl (@tblist) { - debugprint "Data dump " . Dumper(@$tbl); - my ( $engine, $size, $datafree ) = @$tbl; - next if $engine eq 'NULL'; - $size = 0 if $size eq 'NULL'; - $datafree = 0 if $datafree eq 'NULL'; - if ( defined $enginestats{$engine} ) { - $enginestats{$engine} += $size; - $enginecount{$engine} += 1; - } - else { - $enginestats{$engine} = $size; - $enginecount{$engine} = 1; - } - if ( $datafree > 0 ) { - $fragtables++; - } - } - } - while ( my ( $engine, $size ) = each(%enginestats) ) { - infoprint "Data in $engine tables: " - . hr_bytes($size) - . " (Tables: " - . $enginecount{$engine} . ")" . ""; - } - - # If the storage engine isn't being used, recommend it to be disabled - if ( !defined $enginestats{'InnoDB'} - && defined $myvar{'have_innodb'} - && $myvar{'have_innodb'} eq "YES" ) - { - badprint "InnoDB is enabled but isn't being used"; - push( @generalrec, - "Add skip-innodb to MySQL configuration to disable InnoDB" ); - } - if ( !defined $enginestats{'BerkeleyDB'} - && defined $myvar{'have_bdb'} - && $myvar{'have_bdb'} eq "YES" ) - { - badprint "BDB is enabled but isn't being used"; - push( @generalrec, - "Add skip-bdb to MySQL configuration to disable BDB" ); - } - if ( !defined $enginestats{'ISAM'} - && defined $myvar{'have_isam'} - && $myvar{'have_isam'} eq "YES" ) - { - badprint "MYISAM is enabled but isn't being used"; - push( @generalrec, -"Add skip-isam to MySQL configuration to disable ISAM (MySQL > 4.1.0)" - ); - } - - # Fragmented tables - if ( $fragtables > 0 ) { - badprint "Total fragmented tables: $fragtables"; - push( @generalrec, - "Run OPTIMIZE TABLE to defragment tables for better performance" ); - my $total_free = 0; - foreach my $table_line ( @{ $result{'Tables'}{'Fragmented tables'} } ) { - my ( $full_table_name, $data_free ) = split( /\s+/, $table_line ); - $data_free = 0 if ( !defined($data_free) or $data_free eq '' ); - $data_free = $data_free / 1024 / 1024; - $total_free += $data_free; - my ( $table_schema, $table_name ) = split( /\./, $full_table_name ); - push( @generalrec, -" OPTIMIZE TABLE `$table_schema`.`$table_name`; -- can free $data_free MB" - ); - } - push( @generalrec, - "Total freed space after theses OPTIMIZE TABLE : $total_free Mb" ); - } - else { - goodprint "Total fragmented tables: $fragtables"; - } - - # Auto increments - my %tblist; - - # Find the maximum integer - my $maxint = select_one "SELECT ~0"; - $result{'MaxInt'} = $maxint; - -# Now we use a database list, and loop through it to get storage engine stats for tables - foreach my $db (@dblist) { - chomp($db); - - if ( !$tblist{$db} ) { - $tblist{$db} = (); - } - - if ( $db eq "information_schema" ) { next; } - my @ia = ( 0, 10 ); - if ( !mysql_version_ge( 4, 1 ) ) { - - # MySQL 3.23/4.0 keeps Data_Length in the 5th (0-based) column - @ia = ( 0, 9 ); - } - push( - @{ $tblist{$db} }, - map { [ (split)[@ia] ] } - select_array "SHOW TABLE STATUS FROM \\\`$db\\\`" - ); - } - - my @dbnames = keys %tblist; - - foreach my $db (@dbnames) { - foreach my $tbl ( @{ $tblist{$db} } ) { - my ( $name, $autoincrement ) = @$tbl; - - if ( $autoincrement =~ /^\d+?$/ ) { - my $percent = percentage( $autoincrement, $maxint ); - $result{'PctAutoIncrement'}{"$db.$name"} = $percent; - if ( $percent >= 75 ) { - badprint -"Table '$db.$name' has an autoincrement value near max capacity ($percent%)"; - } - } - } - } - -} - -my %mycalc; - -sub calculations { - if ( $mystat{'Questions'} < 1 ) { - badprint - "Your server has not answered any queries - cannot continue..."; - exit 2; - } - - # Per-thread memory - if ( mysql_version_ge(4) ) { - $mycalc{'per_thread_buffers'} = - $myvar{'read_buffer_size'} + - $myvar{'read_rnd_buffer_size'} + - $myvar{'sort_buffer_size'} + - $myvar{'thread_stack'} + - $myvar{'join_buffer_size'}; - } - else { - $mycalc{'per_thread_buffers'} = - $myvar{'record_buffer'} + - $myvar{'record_rnd_buffer'} + - $myvar{'sort_buffer'} + - $myvar{'thread_stack'} + - $myvar{'join_buffer_size'}; - } - $mycalc{'total_per_thread_buffers'} = - $mycalc{'per_thread_buffers'} * $myvar{'max_connections'}; - $mycalc{'max_total_per_thread_buffers'} = - $mycalc{'per_thread_buffers'} * $mystat{'Max_used_connections'}; - - # Server-wide memory - $mycalc{'max_tmp_table_size'} = - ( $myvar{'tmp_table_size'} > $myvar{'max_heap_table_size'} ) - ? $myvar{'max_heap_table_size'} - : $myvar{'tmp_table_size'}; - $mycalc{'server_buffers'} = - $myvar{'key_buffer_size'} + $mycalc{'max_tmp_table_size'}; - $mycalc{'server_buffers'} += - ( defined $myvar{'innodb_buffer_pool_size'} ) - ? $myvar{'innodb_buffer_pool_size'} - : 0; - $mycalc{'server_buffers'} += - ( defined $myvar{'innodb_additional_mem_pool_size'} ) - ? $myvar{'innodb_additional_mem_pool_size'} - : 0; - $mycalc{'server_buffers'} += - ( defined $myvar{'innodb_log_buffer_size'} ) - ? $myvar{'innodb_log_buffer_size'} - : 0; - $mycalc{'server_buffers'} += - ( defined $myvar{'query_cache_size'} ) ? $myvar{'query_cache_size'} : 0; - $mycalc{'server_buffers'} += - ( defined $myvar{'aria_pagecache_buffer_size'} ) - ? $myvar{'aria_pagecache_buffer_size'} - : 0; - -# Global memory -# Max used memory is memory used by MySQL based on Max_used_connections -# This is the max memory used theoretically calculated with the max concurrent connection number reached by mysql - $mycalc{'max_used_memory'} = - $mycalc{'server_buffers'} + - $mycalc{"max_total_per_thread_buffers"} + - get_pf_memory(); - - # + get_gcache_memory(); - $mycalc{'pct_max_used_memory'} = - percentage( $mycalc{'max_used_memory'}, $physical_memory ); - -# Total possible memory is memory needed by MySQL based on max_connections -# This is the max memory MySQL can theoretically used if all connections allowed has opened by mysql - $mycalc{'max_peak_memory'} = - $mycalc{'server_buffers'} + - $mycalc{'total_per_thread_buffers'} + - get_pf_memory(); - - # + get_gcache_memory(); - $mycalc{'pct_max_physical_memory'} = - percentage( $mycalc{'max_peak_memory'}, $physical_memory ); - - debugprint "Max Used Memory: " - . hr_bytes( $mycalc{'max_used_memory'} ) . ""; - debugprint "Max Used Percentage RAM: " - . $mycalc{'pct_max_used_memory'} . "%"; - - debugprint "Max Peak Memory: " - . hr_bytes( $mycalc{'max_peak_memory'} ) . ""; - debugprint "Max Peak Percentage RAM: " - . $mycalc{'pct_max_physical_memory'} . "%"; - - # Slow queries - $mycalc{'pct_slow_queries'} = - int( ( $mystat{'Slow_queries'} / $mystat{'Questions'} ) * 100 ); - - # Connections - $mycalc{'pct_connections_used'} = int( - ( $mystat{'Max_used_connections'} / $myvar{'max_connections'} ) * 100 ); - $mycalc{'pct_connections_used'} = - ( $mycalc{'pct_connections_used'} > 100 ) - ? 100 - : $mycalc{'pct_connections_used'}; - - # Aborted Connections - $mycalc{'pct_connections_aborted'} = - percentage( $mystat{'Aborted_connects'}, $mystat{'Connections'} ); - debugprint "Aborted_connects: " . $mystat{'Aborted_connects'} . ""; - debugprint "Connections: " . $mystat{'Connections'} . ""; - debugprint "pct_connections_aborted: " - . $mycalc{'pct_connections_aborted'} . ""; - - # Key buffers - if ( mysql_version_ge( 4, 1 ) && $myvar{'key_buffer_size'} > 0 ) { - $mycalc{'pct_key_buffer_used'} = sprintf( - "%.1f", - ( - 1 - ( - ( - $mystat{'Key_blocks_unused'} * - $myvar{'key_cache_block_size'} - ) / $myvar{'key_buffer_size'} - ) - ) * 100 - ); - } - else { - $mycalc{'pct_key_buffer_used'} = 0; - } - - if ( $mystat{'Key_read_requests'} > 0 ) { - $mycalc{'pct_keys_from_mem'} = sprintf( - "%.1f", - ( - 100 - ( - ( $mystat{'Key_reads'} / $mystat{'Key_read_requests'} ) * - 100 - ) - ) - ); - } - else { - $mycalc{'pct_keys_from_mem'} = 0; - } - if ( defined $mystat{'Aria_pagecache_read_requests'} - && $mystat{'Aria_pagecache_read_requests'} > 0 ) - { - $mycalc{'pct_aria_keys_from_mem'} = sprintf( - "%.1f", - ( - 100 - ( - ( - $mystat{'Aria_pagecache_reads'} / - $mystat{'Aria_pagecache_read_requests'} - ) * 100 - ) - ) - ); - } - else { - $mycalc{'pct_aria_keys_from_mem'} = 0; - } - - if ( $mystat{'Key_write_requests'} > 0 ) { - $mycalc{'pct_wkeys_from_mem'} = sprintf( "%.1f", - ( ( $mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) - ); - } - else { - $mycalc{'pct_wkeys_from_mem'} = 0; - } - - if ( $doremote eq 0 and !mysql_version_ge(5) ) { - my $size = 0; - $size += (split)[0] - for -`find $myvar{'datadir'} -name "*.MYI" 2>&1 | xargs du -L $duflags 2>&1`; - $mycalc{'total_myisam_indexes'} = $size; - $mycalc{'total_aria_indexes'} = 0; - } - elsif ( mysql_version_ge(5) ) { - $mycalc{'total_myisam_indexes'} = select_one -"SELECT IFNULL(SUM(INDEX_LENGTH),0) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema') AND ENGINE = 'MyISAM';"; - $mycalc{'total_aria_indexes'} = select_one -"SELECT IFNULL(SUM(INDEX_LENGTH),0) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema') AND ENGINE = 'Aria';"; - } - if ( defined $mycalc{'total_myisam_indexes'} - and $mycalc{'total_myisam_indexes'} == 0 ) - { - $mycalc{'total_myisam_indexes'} = "fail"; - } - elsif ( defined $mycalc{'total_myisam_indexes'} ) { - chomp( $mycalc{'total_myisam_indexes'} ); - } - if ( defined $mycalc{'total_aria_indexes'} - and $mycalc{'total_aria_indexes'} == 0 ) - { - $mycalc{'total_aria_indexes'} = 1; - } - elsif ( defined $mycalc{'total_aria_indexes'} ) { - chomp( $mycalc{'total_aria_indexes'} ); - } - - # Query cache - if ( mysql_version_ge(8) and mysql_version_le(10) ) { - $mycalc{'query_cache_efficiency'} = 0; - } - elsif ( mysql_version_ge(4) ) { - $mycalc{'query_cache_efficiency'} = sprintf( - "%.1f", - ( - $mystat{'Qcache_hits'} / - ( $mystat{'Com_select'} + $mystat{'Qcache_hits'} ) - ) * 100 - ); - if ( $myvar{'query_cache_size'} ) { - $mycalc{'pct_query_cache_used'} = sprintf( - "%.1f", - 100 - ( - $mystat{'Qcache_free_memory'} / $myvar{'query_cache_size'} - ) * 100 - ); - } - if ( $mystat{'Qcache_lowmem_prunes'} == 0 ) { - $mycalc{'query_cache_prunes_per_day'} = 0; - } - else { - $mycalc{'query_cache_prunes_per_day'} = int( - $mystat{'Qcache_lowmem_prunes'} / ( $mystat{'Uptime'} / 86400 ) - ); - } - } - - # Sorting - $mycalc{'total_sorts'} = $mystat{'Sort_scan'} + $mystat{'Sort_range'}; - if ( $mycalc{'total_sorts'} > 0 ) { - $mycalc{'pct_temp_sort_table'} = int( - ( $mystat{'Sort_merge_passes'} / $mycalc{'total_sorts'} ) * 100 ); - } - - # Joins - $mycalc{'joins_without_indexes'} = - $mystat{'Select_range_check'} + $mystat{'Select_full_join'}; - $mycalc{'joins_without_indexes_per_day'} = - int( $mycalc{'joins_without_indexes'} / ( $mystat{'Uptime'} / 86400 ) ); - - # Temporary tables - if ( $mystat{'Created_tmp_tables'} > 0 ) { - if ( $mystat{'Created_tmp_disk_tables'} > 0 ) { - $mycalc{'pct_temp_disk'} = int( - ( - $mystat{'Created_tmp_disk_tables'} / - $mystat{'Created_tmp_tables'} - ) * 100 - ); - } - else { - $mycalc{'pct_temp_disk'} = 0; - } - } - - # Table cache - if ( $mystat{'Opened_tables'} > 0 ) { - $mycalc{'table_cache_hit_rate'} = - int( $mystat{'Open_tables'} * 100 / $mystat{'Opened_tables'} ); - } - else { - $mycalc{'table_cache_hit_rate'} = 100; - } - - # Open files - if ( $myvar{'open_files_limit'} > 0 ) { - $mycalc{'pct_files_open'} = - int( $mystat{'Open_files'} * 100 / $myvar{'open_files_limit'} ); - } - - # Table locks - if ( $mystat{'Table_locks_immediate'} > 0 ) { - if ( $mystat{'Table_locks_waited'} == 0 ) { - $mycalc{'pct_table_locks_immediate'} = 100; - } - else { - $mycalc{'pct_table_locks_immediate'} = int( - $mystat{'Table_locks_immediate'} * 100 / ( - $mystat{'Table_locks_waited'} + - $mystat{'Table_locks_immediate'} - ) - ); - } - } - - # Thread cache - $mycalc{'thread_cache_hit_rate'} = - int( 100 - - ( ( $mystat{'Threads_created'} / $mystat{'Connections'} ) * 100 ) ); - - # Other - if ( $mystat{'Connections'} > 0 ) { - $mycalc{'pct_aborted_connections'} = - int( ( $mystat{'Aborted_connects'} / $mystat{'Connections'} ) * 100 ); - } - if ( $mystat{'Questions'} > 0 ) { - $mycalc{'total_reads'} = $mystat{'Com_select'}; - $mycalc{'total_writes'} = - $mystat{'Com_delete'} + - $mystat{'Com_insert'} + - $mystat{'Com_update'} + - $mystat{'Com_replace'}; - if ( $mycalc{'total_reads'} == 0 ) { - $mycalc{'pct_reads'} = 0; - $mycalc{'pct_writes'} = 100; - } - else { - $mycalc{'pct_reads'} = int( - ( - $mycalc{'total_reads'} / - ( $mycalc{'total_reads'} + $mycalc{'total_writes'} ) - ) * 100 - ); - $mycalc{'pct_writes'} = 100 - $mycalc{'pct_reads'}; - } - } - - # InnoDB - if ( $myvar{'have_innodb'} eq "YES" ) { - $mycalc{'innodb_log_size_pct'} = - ( $myvar{'innodb_log_file_size'} * - $myvar{'innodb_log_files_in_group'} * 100 / - $myvar{'innodb_buffer_pool_size'} ); - } - - # InnoDB Buffer pool read cache efficiency - ( - $mystat{'Innodb_buffer_pool_read_requests'}, - $mystat{'Innodb_buffer_pool_reads'} - ) - = ( 1, 1 ) - unless defined $mystat{'Innodb_buffer_pool_reads'}; - $mycalc{'pct_read_efficiency'} = percentage( - ( - $mystat{'Innodb_buffer_pool_read_requests'} - - $mystat{'Innodb_buffer_pool_reads'} - ), - $mystat{'Innodb_buffer_pool_read_requests'} - ) if defined $mystat{'Innodb_buffer_pool_read_requests'}; - debugprint "pct_read_efficiency: " . $mycalc{'pct_read_efficiency'} . ""; - debugprint "Innodb_buffer_pool_reads: " - . $mystat{'Innodb_buffer_pool_reads'} . ""; - debugprint "Innodb_buffer_pool_read_requests: " - . $mystat{'Innodb_buffer_pool_read_requests'} . ""; - - # InnoDB log write cache efficiency - ( $mystat{'Innodb_log_write_requests'}, $mystat{'Innodb_log_writes'} ) = - ( 1, 1 ) - unless defined $mystat{'Innodb_log_writes'}; - $mycalc{'pct_write_efficiency'} = percentage( - ( $mystat{'Innodb_log_write_requests'} - $mystat{'Innodb_log_writes'} ), - $mystat{'Innodb_log_write_requests'} - ) if defined $mystat{'Innodb_log_write_requests'}; - debugprint "pct_write_efficiency: " . $mycalc{'pct_write_efficiency'} . ""; - debugprint "Innodb_log_writes: " . $mystat{'Innodb_log_writes'} . ""; - debugprint "Innodb_log_write_requests: " - . $mystat{'Innodb_log_write_requests'} . ""; - $mycalc{'pct_innodb_buffer_used'} = percentage( - ( - $mystat{'Innodb_buffer_pool_pages_total'} - - $mystat{'Innodb_buffer_pool_pages_free'} - ), - $mystat{'Innodb_buffer_pool_pages_total'} - ) if defined $mystat{'Innodb_buffer_pool_pages_total'}; - - # Binlog Cache - if ( $myvar{'log_bin'} ne 'OFF' ) { - $mycalc{'pct_binlog_cache'} = percentage( - $mystat{'Binlog_cache_use'} - $mystat{'Binlog_cache_disk_use'}, - $mystat{'Binlog_cache_use'} ); - } -} - -sub mysql_stats { - subheaderprint "Performance Metrics"; - - # Show uptime, queries per second, connections, traffic stats - my $qps; - if ( $mystat{'Uptime'} > 0 ) { - $qps = sprintf( "%.3f", $mystat{'Questions'} / $mystat{'Uptime'} ); - } - push( @generalrec, -"MySQL was started within the last 24 hours - recommendations may be inaccurate" - ) if ( $mystat{'Uptime'} < 86400 ); - infoprint "Up for: " - . pretty_uptime( $mystat{'Uptime'} ) . " (" - . hr_num( $mystat{'Questions'} ) . " q [" - . hr_num($qps) - . " qps], " - . hr_num( $mystat{'Connections'} ) - . " conn," . " TX: " - . hr_bytes_rnd( $mystat{'Bytes_sent'} ) - . ", RX: " - . hr_bytes_rnd( $mystat{'Bytes_received'} ) . ")"; - infoprint "Reads / Writes: " - . $mycalc{'pct_reads'} . "% / " - . $mycalc{'pct_writes'} . "%"; - - # Binlog Cache - if ( $myvar{'log_bin'} eq 'OFF' ) { - infoprint "Binary logging is disabled"; - } - else { - infoprint "Binary logging is enabled (GTID MODE: " - . ( defined( $myvar{'gtid_mode'} ) ? $myvar{'gtid_mode'} : "OFF" ) - . ")"; - } - - # Memory usage - infoprint "Physical Memory : " . hr_bytes($physical_memory); - infoprint "Max MySQL memory : " . hr_bytes( $mycalc{'max_peak_memory'} ); - infoprint "Other process memory: " . hr_bytes( get_other_process_memory() ); - - infoprint "Total buffers: " - . hr_bytes( $mycalc{'server_buffers'} ) - . " global + " - . hr_bytes( $mycalc{'per_thread_buffers'} ) - . " per thread ($myvar{'max_connections'} max threads)"; - infoprint "P_S Max memory usage: " . hr_bytes_rnd( get_pf_memory() ); - $result{'P_S'}{'memory'} = get_pf_memory(); - $result{'P_S'}{'pretty_memory'} = - hr_bytes_rnd( get_pf_memory() ); - infoprint "Galera GCache Max memory usage: " - . hr_bytes_rnd( get_gcache_memory() ); - $result{'Galera'}{'GCache'}{'memory'} = get_gcache_memory(); - $result{'Galera'}{'GCache'}{'pretty_memory'} = - hr_bytes_rnd( get_gcache_memory() ); - - if ( $opt{buffers} ne 0 ) { - infoprint "Global Buffers"; - infoprint " +-- Key Buffer: " - . hr_bytes( $myvar{'key_buffer_size'} ) . ""; - infoprint " +-- Max Tmp Table: " - . hr_bytes( $mycalc{'max_tmp_table_size'} ) . ""; - - if ( defined $myvar{'query_cache_type'} ) { - infoprint "Query Cache Buffers"; - infoprint " +-- Query Cache: " - . $myvar{'query_cache_type'} . " - " - . ( - $myvar{'query_cache_type'} eq 0 | - $myvar{'query_cache_type'} eq 'OFF' ? "DISABLED" - : ( - $myvar{'query_cache_type'} eq 1 ? "ALL REQUESTS" - : "ON DEMAND" - ) - ) . ""; - infoprint " +-- Query Cache Size: " - . hr_bytes( $myvar{'query_cache_size'} ) . ""; - } - - infoprint "Per Thread Buffers"; - infoprint " +-- Read Buffer: " - . hr_bytes( $myvar{'read_buffer_size'} ) . ""; - infoprint " +-- Read RND Buffer: " - . hr_bytes( $myvar{'read_rnd_buffer_size'} ) . ""; - infoprint " +-- Sort Buffer: " - . hr_bytes( $myvar{'sort_buffer_size'} ) . ""; - infoprint " +-- Thread stack: " - . hr_bytes( $myvar{'thread_stack'} ) . ""; - infoprint " +-- Join Buffer: " - . hr_bytes( $myvar{'join_buffer_size'} ) . ""; - if ( $myvar{'log_bin'} ne 'OFF' ) { - infoprint "Binlog Cache Buffers"; - infoprint " +-- Binlog Cache: " - . hr_bytes( $myvar{'binlog_cache_size'} ) . ""; - } - } - - if ( $arch - && $arch == 32 - && $mycalc{'max_used_memory'} > 2 * 1024 * 1024 * 1024 ) - { - badprint - "Allocating > 2GB RAM on 32-bit systems can cause system instability"; - badprint "Maximum reached memory usage: " - . hr_bytes( $mycalc{'max_used_memory'} ) - . " ($mycalc{'pct_max_used_memory'}% of installed RAM)"; - } - elsif ( $mycalc{'pct_max_used_memory'} > 85 ) { - badprint "Maximum reached memory usage: " - . hr_bytes( $mycalc{'max_used_memory'} ) - . " ($mycalc{'pct_max_used_memory'}% of installed RAM)"; - } - else { - goodprint "Maximum reached memory usage: " - . hr_bytes( $mycalc{'max_used_memory'} ) - . " ($mycalc{'pct_max_used_memory'}% of installed RAM)"; - } - - if ( $mycalc{'pct_max_physical_memory'} > 85 ) { - badprint "Maximum possible memory usage: " - . hr_bytes( $mycalc{'max_peak_memory'} ) - . " ($mycalc{'pct_max_physical_memory'}% of installed RAM)"; - push( @generalrec, - "Reduce your overall MySQL memory footprint for system stability" ); - } - else { - goodprint "Maximum possible memory usage: " - . hr_bytes( $mycalc{'max_peak_memory'} ) - . " ($mycalc{'pct_max_physical_memory'}% of installed RAM)"; - } - - if ( $physical_memory < - ( $mycalc{'max_peak_memory'} + get_other_process_memory() ) ) - { - badprint - "Overall possible memory usage with other process exceeded memory"; - push( @generalrec, - "Dedicate this server to your database for highest performance." ); - } - else { - goodprint -"Overall possible memory usage with other process is compatible with memory available"; - } - - # Slow queries - if ( $mycalc{'pct_slow_queries'} > 5 ) { - badprint "Slow queries: $mycalc{'pct_slow_queries'}% (" - . hr_num( $mystat{'Slow_queries'} ) . "/" - . hr_num( $mystat{'Questions'} ) . ")"; - } - else { - goodprint "Slow queries: $mycalc{'pct_slow_queries'}% (" - . hr_num( $mystat{'Slow_queries'} ) . "/" - . hr_num( $mystat{'Questions'} ) . ")"; - } - if ( $myvar{'long_query_time'} > 10 ) { - push( @adjvars, "long_query_time (<= 10)" ); - } - if ( defined( $myvar{'log_slow_queries'} ) ) { - if ( $myvar{'log_slow_queries'} eq "OFF" ) { - push( @generalrec, - "Enable the slow query log to troubleshoot bad queries" ); - } - } - - # Connections - if ( $mycalc{'pct_connections_used'} > 85 ) { - badprint -"Highest connection usage: $mycalc{'pct_connections_used'}% ($mystat{'Max_used_connections'}/$myvar{'max_connections'})"; - push( @adjvars, - "max_connections (> " . $myvar{'max_connections'} . ")" ); - push( @adjvars, - "wait_timeout (< " . $myvar{'wait_timeout'} . ")", - "interactive_timeout (< " . $myvar{'interactive_timeout'} . ")" ); - push( @generalrec, -"Reduce or eliminate persistent connections to reduce connection usage" - ); - } - else { - goodprint -"Highest usage of available connections: $mycalc{'pct_connections_used'}% ($mystat{'Max_used_connections'}/$myvar{'max_connections'})"; - } - - # Aborted Connections - if ( $mycalc{'pct_connections_aborted'} > 3 ) { - badprint -"Aborted connections: $mycalc{'pct_connections_aborted'}% ($mystat{'Aborted_connects'}/$mystat{'Connections'})"; - push( @generalrec, - "Reduce or eliminate unclosed connections and network issues" ); - } - else { - goodprint -"Aborted connections: $mycalc{'pct_connections_aborted'}% ($mystat{'Aborted_connects'}/$mystat{'Connections'})"; - } - - # name resolution - if ( defined( $result{'Variables'}{'skip_networking'} ) - && $result{'Variables'}{'skip_networking'} eq 'ON' ) - { - infoprint -"Skipped name resolution test due to skip_networking=ON in system variables."; - } - elsif ( not defined( $result{'Variables'}{'skip_name_resolve'} ) ) { - infoprint -"Skipped name resolution test due to missing skip_name_resolve in system variables."; - } - elsif ( $result{'Variables'}{'skip_name_resolve'} eq 'OFF' ) { - badprint -"name resolution is active : a reverse name resolution is made for each new connection and can reduce performance"; - push( @generalrec, -"Configure your accounts with ip or subnets only, then update your configuration with skip-name-resolve=1" - ); - } - - # Query cache - if ( !mysql_version_ge(4) ) { - - # MySQL versions < 4.01 don't support query caching - push( @generalrec, - "Upgrade MySQL to version 4+ to utilize query caching" ); - } - elsif ( mysql_version_eq(8) ) { - infoprint "Query cache have been removed in MySQL 8"; - - #return; - } - elsif ( $myvar{'query_cache_size'} < 1 - and $myvar{'query_cache_type'} eq "OFF" ) - { - goodprint -"Query cache is disabled by default due to mutex contention on multiprocessor machines."; - } - elsif ( $mystat{'Com_select'} == 0 ) { - badprint - "Query cache cannot be analyzed - no SELECT statements executed"; - } - else { - badprint - "Query cache may be disabled by default due to mutex contention."; - push( @adjvars, "query_cache_size (=0)" ); - push( @adjvars, "query_cache_type (=0)" ); - if ( $mycalc{'query_cache_efficiency'} < 20 ) { - badprint - "Query cache efficiency: $mycalc{'query_cache_efficiency'}% (" - . hr_num( $mystat{'Qcache_hits'} ) - . " cached / " - . hr_num( $mystat{'Qcache_hits'} + $mystat{'Com_select'} ) - . " selects)"; - push( @adjvars, - "query_cache_limit (> " - . hr_bytes_rnd( $myvar{'query_cache_limit'} ) - . ", or use smaller result sets)" ); - } - else { - goodprint - "Query cache efficiency: $mycalc{'query_cache_efficiency'}% (" - . hr_num( $mystat{'Qcache_hits'} ) - . " cached / " - . hr_num( $mystat{'Qcache_hits'} + $mystat{'Com_select'} ) - . " selects)"; - } - if ( $mycalc{'query_cache_prunes_per_day'} > 98 ) { - badprint -"Query cache prunes per day: $mycalc{'query_cache_prunes_per_day'}"; - if ( $myvar{'query_cache_size'} >= 128 * 1024 * 1024 ) { - push( @generalrec, -"Increasing the query_cache size over 128M may reduce performance" - ); - push( @adjvars, - "query_cache_size (> " - . hr_bytes_rnd( $myvar{'query_cache_size'} ) - . ") [see warning above]" ); - } - else { - push( @adjvars, - "query_cache_size (> " - . hr_bytes_rnd( $myvar{'query_cache_size'} ) - . ")" ); - } - } - else { - goodprint -"Query cache prunes per day: $mycalc{'query_cache_prunes_per_day'}"; - } - } - - # Sorting - if ( $mycalc{'total_sorts'} == 0 ) { - goodprint "No Sort requiring temporary tables"; - } - elsif ( $mycalc{'pct_temp_sort_table'} > 10 ) { - badprint - "Sorts requiring temporary tables: $mycalc{'pct_temp_sort_table'}% (" - . hr_num( $mystat{'Sort_merge_passes'} ) - . " temp sorts / " - . hr_num( $mycalc{'total_sorts'} ) - . " sorts)"; - push( @adjvars, - "sort_buffer_size (> " - . hr_bytes_rnd( $myvar{'sort_buffer_size'} ) - . ")" ); - push( @adjvars, - "read_rnd_buffer_size (> " - . hr_bytes_rnd( $myvar{'read_rnd_buffer_size'} ) - . ")" ); - } - else { - goodprint - "Sorts requiring temporary tables: $mycalc{'pct_temp_sort_table'}% (" - . hr_num( $mystat{'Sort_merge_passes'} ) - . " temp sorts / " - . hr_num( $mycalc{'total_sorts'} ) - . " sorts)"; - } - - # Joins - if ( $mycalc{'joins_without_indexes_per_day'} > 250 ) { - badprint - "Joins performed without indexes: $mycalc{'joins_without_indexes'}"; - push( @adjvars, - "join_buffer_size (> " - . hr_bytes( $myvar{'join_buffer_size'} ) - . ", or always use indexes with JOINs)" ); - push( @generalrec, - "Adjust your join queries to always utilize indexes" ); - } - else { - goodprint "No joins without indexes"; - - # No joins have run without indexes - } - - # Temporary tables - if ( $mystat{'Created_tmp_tables'} > 0 ) { - if ( $mycalc{'pct_temp_disk'} > 25 - && $mycalc{'max_tmp_table_size'} < 256 * 1024 * 1024 ) - { - badprint - "Temporary tables created on disk: $mycalc{'pct_temp_disk'}% (" - . hr_num( $mystat{'Created_tmp_disk_tables'} ) - . " on disk / " - . hr_num( $mystat{'Created_tmp_tables'} ) - . " total)"; - push( @adjvars, - "tmp_table_size (> " - . hr_bytes_rnd( $myvar{'tmp_table_size'} ) - . ")" ); - push( @adjvars, - "max_heap_table_size (> " - . hr_bytes_rnd( $myvar{'max_heap_table_size'} ) - . ")" ); - push( @generalrec, -"When making adjustments, make tmp_table_size/max_heap_table_size equal" - ); - push( @generalrec, - "Reduce your SELECT DISTINCT queries which have no LIMIT clause" - ); - } - elsif ($mycalc{'pct_temp_disk'} > 25 - && $mycalc{'max_tmp_table_size'} >= 256 * 1024 * 1024 ) - { - badprint - "Temporary tables created on disk: $mycalc{'pct_temp_disk'}% (" - . hr_num( $mystat{'Created_tmp_disk_tables'} ) - . " on disk / " - . hr_num( $mystat{'Created_tmp_tables'} ) - . " total)"; - push( @generalrec, - "Temporary table size is already large - reduce result set size" - ); - push( @generalrec, - "Reduce your SELECT DISTINCT queries without LIMIT clauses" ); - } - else { - goodprint - "Temporary tables created on disk: $mycalc{'pct_temp_disk'}% (" - . hr_num( $mystat{'Created_tmp_disk_tables'} ) - . " on disk / " - . hr_num( $mystat{'Created_tmp_tables'} ) - . " total)"; - } - } - else { - goodprint "No tmp tables created on disk"; - } - - # Thread cache - if ( defined( $myvar{'thread_handling'} ) - and $myvar{'thread_handling'} eq 'pool-of-threads' ) - { - # https://www.percona.com/doc/percona-server/LATEST/performance/threadpool.html - # When thread pool is enabled, the value of the thread_cache_size variable - # is ignored. The Threads_cached status variable contains 0 in this case. - infoprint "Thread cache not used with thread_handling=pool-of-threads"; - } - else { - if ( $myvar{'thread_cache_size'} eq 0 ) { - badprint "Thread cache is disabled"; - push( @generalrec, - "Set thread_cache_size to 4 as a starting value" ); - push( @adjvars, "thread_cache_size (start at 4)" ); - } - else { - if ( $mycalc{'thread_cache_hit_rate'} <= 50 ) { - badprint - "Thread cache hit rate: $mycalc{'thread_cache_hit_rate'}% (" - . hr_num( $mystat{'Threads_created'} ) - . " created / " - . hr_num( $mystat{'Connections'} ) - . " connections)"; - push( @adjvars, - "thread_cache_size (> $myvar{'thread_cache_size'})" ); - } - else { - goodprint - "Thread cache hit rate: $mycalc{'thread_cache_hit_rate'}% (" - . hr_num( $mystat{'Threads_created'} ) - . " created / " - . hr_num( $mystat{'Connections'} ) - . " connections)"; - } - } - } - - # Table cache - my $table_cache_var = ""; - if ( $mystat{'Open_tables'} > 0 ) { - if ( $mycalc{'table_cache_hit_rate'} < 20 ) { - badprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" - . hr_num( $mystat{'Open_tables'} ) - . " open / " - . hr_num( $mystat{'Opened_tables'} ) - . " opened)"; - if ( mysql_version_ge( 5, 1 ) ) { - $table_cache_var = "table_open_cache"; - } - else { - $table_cache_var = "table_cache"; - } - - push( @adjvars, - $table_cache_var . " (> " . $myvar{$table_cache_var} . ")" ); - push( @generalrec, - "Increase " - . $table_cache_var - . " gradually to avoid file descriptor limits" ); - push( @generalrec, - "Read this before increasing " - . $table_cache_var - . " over 64: https://bit.ly/1mi7c4C" ); - push( @generalrec, - "Read this before increasing for MariaDB" - . " https://mariadb.com/kb/en/library/optimizing-table_open_cache/" - ); - push( @generalrec, -"This is MyISAM only table_cache scalability problem, InnoDB not affected." - ); - push( @generalrec, - "See more details here: https://bugs.mysql.com/bug.php?id=49177" - ); - push( @generalrec, -"This bug already fixed in MySQL 5.7.9 and newer MySQL versions." - ); - push( @generalrec, - "Beware that open_files_limit (" - . $myvar{'open_files_limit'} - . ") variable " ); - push( @generalrec, - "should be greater than $table_cache_var (" - . $myvar{$table_cache_var} - . ")" ); - } - else { - goodprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" - . hr_num( $mystat{'Open_tables'} ) - . " open / " - . hr_num( $mystat{'Opened_tables'} ) - . " opened)"; - } - } - - # Open files - if ( defined $mycalc{'pct_files_open'} ) { - if ( $mycalc{'pct_files_open'} > 85 ) { - badprint "Open file limit used: $mycalc{'pct_files_open'}% (" - . hr_num( $mystat{'Open_files'} ) . "/" - . hr_num( $myvar{'open_files_limit'} ) . ")"; - push( @adjvars, - "open_files_limit (> " . $myvar{'open_files_limit'} . ")" ); - } - else { - goodprint "Open file limit used: $mycalc{'pct_files_open'}% (" - . hr_num( $mystat{'Open_files'} ) . "/" - . hr_num( $myvar{'open_files_limit'} ) . ")"; - } - } - - # Table locks - if ( defined $mycalc{'pct_table_locks_immediate'} ) { - if ( $mycalc{'pct_table_locks_immediate'} < 95 ) { - badprint -"Table locks acquired immediately: $mycalc{'pct_table_locks_immediate'}%"; - push( @generalrec, - "Optimize queries and/or use InnoDB to reduce lock wait" ); - } - else { - goodprint -"Table locks acquired immediately: $mycalc{'pct_table_locks_immediate'}% (" - . hr_num( $mystat{'Table_locks_immediate'} ) - . " immediate / " - . hr_num( $mystat{'Table_locks_waited'} + - $mystat{'Table_locks_immediate'} ) - . " locks)"; - } - } - - # Binlog cache - if ( defined $mycalc{'pct_binlog_cache'} ) { - if ( $mycalc{'pct_binlog_cache'} < 90 - && $mystat{'Binlog_cache_use'} > 0 ) - { - badprint "Binlog cache memory access: " - . $mycalc{'pct_binlog_cache'} . "% (" - . ( - $mystat{'Binlog_cache_use'} - $mystat{'Binlog_cache_disk_use'} ) - . " Memory / " - . $mystat{'Binlog_cache_use'} - . " Total)"; - push( @generalrec, - "Increase binlog_cache_size (Actual value: " - . $myvar{'binlog_cache_size'} - . ")" ); - push( @adjvars, - "binlog_cache_size (" - . hr_bytes( $myvar{'binlog_cache_size'} + 16 * 1024 * 1024 ) - . ")" ); - } - else { - goodprint "Binlog cache memory access: " - . $mycalc{'pct_binlog_cache'} . "% (" - . ( - $mystat{'Binlog_cache_use'} - $mystat{'Binlog_cache_disk_use'} ) - . " Memory / " - . $mystat{'Binlog_cache_use'} - . " Total)"; - debugprint "Not enough data to validate binlog cache size\n" - if $mystat{'Binlog_cache_use'} < 10; - } - } - - # Performance options - if ( !mysql_version_ge( 5, 1 ) ) { - push( @generalrec, "Upgrade to MySQL 5.5+ to use asynchronous write" ); - } - elsif ( $myvar{'concurrent_insert'} eq "OFF" ) { - push( @generalrec, "Enable concurrent_insert by setting it to 'ON'" ); - } - elsif ( $myvar{'concurrent_insert'} eq 0 ) { - push( @generalrec, "Enable concurrent_insert by setting it to 1" ); - } -} - -# Recommendations for MyISAM -sub mysql_myisam { - subheaderprint "MyISAM Metrics"; - - # Key buffer usage - if ( defined( $mycalc{'pct_key_buffer_used'} ) ) { - if ( $mycalc{'pct_key_buffer_used'} < 90 ) { - badprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" - . hr_num( $myvar{'key_buffer_size'} * - $mycalc{'pct_key_buffer_used'} / - 100 ) - . " used / " - . hr_num( $myvar{'key_buffer_size'} ) - . " cache)"; - -#push(@adjvars,"key_buffer_size (\~ ".hr_num( $myvar{'key_buffer_size'} * $mycalc{'pct_key_buffer_used'} / 100).")"); - } - else { - goodprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" - . hr_num( $myvar{'key_buffer_size'} * - $mycalc{'pct_key_buffer_used'} / - 100 ) - . " used / " - . hr_num( $myvar{'key_buffer_size'} ) - . " cache)"; - } - } - else { - - # No queries have run that would use keys - debugprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" - . hr_num( - $myvar{'key_buffer_size'} * $mycalc{'pct_key_buffer_used'} / 100 ) - . " used / " - . hr_num( $myvar{'key_buffer_size'} ) - . " cache)"; - } - - # Key buffer - if ( !defined( $mycalc{'total_myisam_indexes'} ) and $doremote == 1 ) { - push( @generalrec, - "Unable to calculate MyISAM indexes on remote MySQL server < 5.0.0" - ); - } - elsif ( $mycalc{'total_myisam_indexes'} =~ /^fail$/ ) { - badprint - "Cannot calculate MyISAM index size - re-run script as root user"; - } - elsif ( $mycalc{'total_myisam_indexes'} == "0" ) { - badprint - "None of your MyISAM tables are indexed - add indexes immediately"; - } - else { - if ( $myvar{'key_buffer_size'} < $mycalc{'total_myisam_indexes'} - && $mycalc{'pct_keys_from_mem'} < 95 ) - { - badprint "Key buffer size / total MyISAM indexes: " - . hr_bytes( $myvar{'key_buffer_size'} ) . "/" - . hr_bytes( $mycalc{'total_myisam_indexes'} ) . ""; - push( @adjvars, - "key_buffer_size (> " - . hr_bytes( $mycalc{'total_myisam_indexes'} ) - . ")" ); - } - else { - goodprint "Key buffer size / total MyISAM indexes: " - . hr_bytes( $myvar{'key_buffer_size'} ) . "/" - . hr_bytes( $mycalc{'total_myisam_indexes'} ) . ""; - } - if ( $mystat{'Key_read_requests'} > 0 ) { - if ( $mycalc{'pct_keys_from_mem'} < 95 ) { - badprint - "Read Key buffer hit rate: $mycalc{'pct_keys_from_mem'}% (" - . hr_num( $mystat{'Key_read_requests'} ) - . " cached / " - . hr_num( $mystat{'Key_reads'} ) - . " reads)"; - } - else { - goodprint - "Read Key buffer hit rate: $mycalc{'pct_keys_from_mem'}% (" - . hr_num( $mystat{'Key_read_requests'} ) - . " cached / " - . hr_num( $mystat{'Key_reads'} ) - . " reads)"; - } - } - else { - - # No queries have run that would use keys - debugprint "Key buffer size / total MyISAM indexes: " - . hr_bytes( $myvar{'key_buffer_size'} ) . "/" - . hr_bytes( $mycalc{'total_myisam_indexes'} ) . ""; - } - if ( $mystat{'Key_write_requests'} > 0 ) { - if ( $mycalc{'pct_wkeys_from_mem'} < 95 ) { - badprint - "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" - . hr_num( $mystat{'Key_write_requests'} ) - . " cached / " - . hr_num( $mystat{'Key_writes'} ) - . " writes)"; - } - else { - goodprint - "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" - . hr_num( $mystat{'Key_write_requests'} ) - . " cached / " - . hr_num( $mystat{'Key_writes'} ) - . " writes)"; - } - } - else { - - # No queries have run that would use keys - debugprint - "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" - . hr_num( $mystat{'Key_write_requests'} ) - . " cached / " - . hr_num( $mystat{'Key_writes'} ) - . " writes)"; - } - } -} - -# Recommendations for ThreadPool -sub mariadb_threadpool { - subheaderprint "ThreadPool Metrics"; - - # AriaDB - unless ( defined $myvar{'have_threadpool'} - && $myvar{'have_threadpool'} eq "YES" ) - { - infoprint "ThreadPool stat is disabled."; - return; - } - infoprint "ThreadPool stat is enabled."; - infoprint "Thread Pool Size: " . $myvar{'thread_pool_size'} . " thread(s)."; - - if ( $myvar{'version'} =~ /mariadb|percona/i ) { - infoprint "Using default value is good enough for your version (" - . $myvar{'version'} . ")"; - return; - } - - if ( $myvar{'have_innodb'} eq 'YES' ) { - if ( $myvar{'thread_pool_size'} < 16 - or $myvar{'thread_pool_size'} > 36 ) - { - badprint -"thread_pool_size between 16 and 36 when using InnoDB storage engine."; - push( @generalrec, - "Thread pool size for InnoDB usage (" - . $myvar{'thread_pool_size'} - . ")" ); - push( @adjvars, - "thread_pool_size between 16 and 36 for InnoDB usage" ); - } - else { - goodprint -"thread_pool_size between 16 and 36 when using InnoDB storage engine."; - } - return; - } - if ( $myvar{'have_isam'} eq 'YES' ) { - if ( $myvar{'thread_pool_size'} < 4 or $myvar{'thread_pool_size'} > 8 ) - { - badprint -"thread_pool_size between 4 and 8 when using MyIsam storage engine."; - push( @generalrec, - "Thread pool size for MyIsam usage (" - . $myvar{'thread_pool_size'} - . ")" ); - push( @adjvars, - "thread_pool_size between 4 and 8 for MyIsam usage" ); - } - else { - goodprint -"thread_pool_size between 4 and 8 when using MyISAM storage engine."; - } - } -} - -sub get_pf_memory { - - # Performance Schema - return 0 unless defined $myvar{'performance_schema'}; - return 0 if $myvar{'performance_schema'} eq 'OFF'; - - my @infoPFSMemory = grep /performance_schema.memory/, - select_array("SHOW ENGINE PERFORMANCE_SCHEMA STATUS"); - return 0 if scalar(@infoPFSMemory) == 0; - $infoPFSMemory[0] =~ s/.*\s+(\d+)$/$1/g; - return $infoPFSMemory[0]; -} - -# Recommendations for Performance Schema -sub mysqsl_pfs { - subheaderprint "Performance schema"; - - # Performance Schema - $myvar{'performance_schema'} = 'OFF' - unless defined( $myvar{'performance_schema'} ); - unless ( $myvar{'performance_schema'} eq 'ON' ) { - infoprint "Performance schema is disabled."; - if ( mysql_version_ge( 5, 6 ) ) { - push( @generalrec, - "Performance schema should be activated for better diagnostics" - ); - push( @adjvars, "performance_schema = ON enable PFS" ); - } - } - else { - if ( mysql_version_le( 5, 5 ) ) { - push( @generalrec, -"Performance schema shouldn't be activated for MySQL and MariaDB 5.5 and lower version" - ); - push( @adjvars, "performance_schema = OFF disable PFS" ); - } - } - debugprint "Performance schema is " . $myvar{'performance_schema'}; - infoprint "Memory used by P_S: " . hr_bytes( get_pf_memory() ); - - if ( mysql_version_eq( 10, 0 ) ) { - push( @generalrec, -"Performance schema shouldn't be activated for MariaDB 10.0 for performance issue" - ); - push( @adjvars, "performance_schema = OFF disable PFS" ); - return; - } - unless ( grep /^sys$/, select_array("SHOW DATABASES") ) { - infoprint "Sys schema isn't installed."; - push( @generalrec, -"Consider installing Sys schema from https://github.com/mysql/mysql-sys for MySQL" - ) unless ( mysql_version_le( 5, 6 ) ); - push( @generalrec, -"Consider installing Sys schema from https://github.com/good-dba/mariadb-sys for MariaDB" - ) unless ( mysql_version_eq( 10, 0 ) or mysql_version_eq( 5, 5 ) ); - - return; - } - else { - infoprint "Sys schema is installed."; - } - return if ( $opt{pfstat} == 0 or $myvar{'performance_schema'} ne 'ON' ); - - infoprint "Sys schema Version: " - . select_one("select sys_version from sys.version"); - - # Top user per connection - subheaderprint "Performance schema: Top 5 user per connection"; - my $nbL = 1; - for my $lQuery ( - select_array( -'select user, total_connections from sys.user_summary order by total_connections desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery conn(s)"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top user per statement - subheaderprint "Performance schema: Top 5 user per statement"; - $nbL = 1; - for my $lQuery ( - select_array( -'select user, statements from sys.user_summary order by statements desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery stmt(s)"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top user per statement latency - subheaderprint "Performance schema: Top 5 user per statement latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select user, statement_avg_latency from sys.x\\$user_summary order by statement_avg_latency desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top user per lock latency - subheaderprint "Performance schema: Top 5 user per lock latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select user, lock_latency from sys.x\\$user_summary_by_statement_latency order by lock_latency desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top user per full scans - subheaderprint "Performance schema: Top 5 user per nb full scans"; - $nbL = 1; - for my $lQuery ( - select_array( -'select user, full_scans from sys.x\\$user_summary_by_statement_latency order by full_scans desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top user per row_sent - subheaderprint "Performance schema: Top 5 user per rows sent"; - $nbL = 1; - for my $lQuery ( - select_array( -'select user, rows_sent from sys.x\\$user_summary_by_statement_latency order by rows_sent desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top user per row modified - subheaderprint "Performance schema: Top 5 user per rows modified"; - $nbL = 1; - for my $lQuery ( - select_array( -'select user, rows_affected from sys.x\\$user_summary_by_statement_latency order by rows_affected desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top user per io - subheaderprint "Performance schema: Top 5 user per io"; - $nbL = 1; - for my $lQuery ( - select_array( -'select user, file_ios from sys.x\\$user_summary order by file_ios desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top user per io latency - subheaderprint "Performance schema: Top 5 user per io latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select user, file_io_latency from sys.x\\$user_summary order by file_io_latency desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top host per connection - subheaderprint "Performance schema: Top 5 host per connection"; - $nbL = 1; - for my $lQuery ( - select_array( -'select host, total_connections from sys.x\\$host_summary order by total_connections desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery conn(s)"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top host per statement - subheaderprint "Performance schema: Top 5 host per statement"; - $nbL = 1; - for my $lQuery ( - select_array( -'select host, statements from sys.x\\$host_summary order by statements desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery stmt(s)"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top host per statement latency - subheaderprint "Performance schema: Top 5 host per statement latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select host, statement_avg_latency from sys.x\\$host_summary order by statement_avg_latency desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top host per lock latency - subheaderprint "Performance schema: Top 5 host per lock latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select host, lock_latency from sys.x\\$host_summary_by_statement_latency order by lock_latency desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top host per full scans - subheaderprint "Performance schema: Top 5 host per nb full scans"; - $nbL = 1; - for my $lQuery ( - select_array( -'select host, full_scans from sys.x\\$host_summary_by_statement_latency order by full_scans desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top host per rows sent - subheaderprint "Performance schema: Top 5 host per rows sent"; - $nbL = 1; - for my $lQuery ( - select_array( -'select host, rows_sent from sys.x\\$host_summary_by_statement_latency order by rows_sent desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top host per rows modified - subheaderprint "Performance schema: Top 5 host per rows modified"; - $nbL = 1; - for my $lQuery ( - select_array( -'select host, rows_affected from sys.x\\$host_summary_by_statement_latency order by rows_affected desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top host per io - subheaderprint "Performance schema: Top 5 host per io"; - $nbL = 1; - for my $lQuery ( - select_array( -'select host, file_ios from sys.x\\$host_summary order by file_ios desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top 5 host per io latency - subheaderprint "Performance schema: Top 5 host per io latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select host, file_io_latency from sys.x\\$host_summary order by file_io_latency desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top IO type order by total io - subheaderprint "Performance schema: Top IO type order by total io"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select substring(event_name,14), SUM(total)AS total from sys.x\\$host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY total DESC;' - ) - ) - { - infoprint " +-- $nbL: $lQuery i/o"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top IO type order by total latency - subheaderprint "Performance schema: Top IO type order by total latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select substring(event_name,14), ROUND(SUM(total_latency),1) AS total_latency from sys.x\\$host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY total_latency DESC;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top IO type order by max latency - subheaderprint "Performance schema: Top IO type order by max latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select substring(event_name,14), MAX(max_latency) as max_latency from sys.x\\$host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY max_latency DESC;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top Stages order by total io - subheaderprint "Performance schema: Top Stages order by total io"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select substring(event_name,7), SUM(total)AS total from sys.x\\$host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY total DESC;' - ) - ) - { - infoprint " +-- $nbL: $lQuery i/o"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top Stages order by total latency - subheaderprint "Performance schema: Top Stages order by total latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select substring(event_name,7), ROUND(SUM(total_latency),1) AS total_latency from sys.x\\$host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY total_latency DESC;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top Stages order by avg latency - subheaderprint "Performance schema: Top Stages order by avg latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select substring(event_name,7), MAX(avg_latency) as avg_latency from sys.x\\$host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY avg_latency DESC;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top host per table scans - subheaderprint "Performance schema: Top 5 host per table scans"; - $nbL = 1; - for my $lQuery ( - select_array( -'select host, table_scans from sys.x\\$host_summary order by table_scans desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # InnoDB Buffer Pool by schema - subheaderprint "Performance schema: InnoDB Buffer Pool by schema"; - $nbL = 1; - for my $lQuery ( - select_array( -'select object_schema, allocated, data, pages from sys.x\\$innodb_buffer_stats_by_schema ORDER BY pages DESC' - ) - ) - { - infoprint " +-- $nbL: $lQuery page(s)"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # InnoDB Buffer Pool by table - subheaderprint "Performance schema: InnoDB Buffer Pool by table"; - $nbL = 1; - for my $lQuery ( - select_array( -'select object_schema, object_name, allocated,data, pages from sys.x\\$innodb_buffer_stats_by_table ORDER BY pages DESC' - ) - ) - { - infoprint " +-- $nbL: $lQuery page(s)"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Process per allocated memory - subheaderprint "Performance schema: Process per time"; - $nbL = 1; - for my $lQuery ( - select_array( -'select user, Command AS PROC, time from sys.x\\$processlist ORDER BY time DESC;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # InnoDB Lock Waits - subheaderprint "Performance schema: InnoDB Lock Waits"; - $nbL = 1; - for my $lQuery ( - select_array( -'select wait_age_secs, locked_table, locked_type, waiting_query from sys.x\\$innodb_lock_waits order by wait_age_secs DESC;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Threads IO Latency - subheaderprint "Performance schema: Thread IO Latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select user, total_latency, max_latency from sys.x\\$io_by_thread_by_latency order by total_latency DESC;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # High Cost SQL statements - subheaderprint "Performance schema: Top 5 Most latency statements"; - $nbL = 1; - for my $lQuery ( - select_array( -'select query, avg_latency from sys.x\\$statement_analysis order by avg_latency desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top 5% slower queries - subheaderprint "Performance schema: Top 5 slower queries"; - $nbL = 1; - for my $lQuery ( - select_array( -'select query, exec_count from sys.x\\$statements_with_runtimes_in_95th_percentile order by exec_count desc LIMIT 5' - ) - ) - { - infoprint " +-- $nbL: $lQuery s"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top 10 nb statement type - subheaderprint "Performance schema: Top 10 nb statement type"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select statement, sum(total) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top statement by total latency - subheaderprint "Performance schema: Top statement by total latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select statement, sum(total_latency) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top statement by lock latency - subheaderprint "Performance schema: Top statement by lock latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select statement, sum(lock_latency) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top statement by full scans - subheaderprint "Performance schema: Top statement by full scans"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select statement, sum(full_scans) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top statement by rows sent - subheaderprint "Performance schema: Top statement by rows sent"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select statement, sum(rows_sent) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Top statement by rows modified - subheaderprint "Performance schema: Top statement by rows modified"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select statement, sum(rows_affected) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Use temporary tables - subheaderprint "Performance schema: Some queries using temp table"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select query from sys.x\\$statements_with_temp_tables LIMIT 20' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Unused Indexes - subheaderprint "Performance schema: Unused indexes"; - $nbL = 1; - for my $lQuery ( select_array('select * from sys.schema_unused_indexes') ) { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Full table scans - subheaderprint "Performance schema: Tables with full table scans"; - $nbL = 1; - for my $lQuery ( - select_array( -'select * from sys.x\\$schema_tables_with_full_table_scans order by rows_full_scanned DESC' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Latest file IO by latency - subheaderprint "Performance schema: Latest FILE IO by latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select thread, file, latency, operation from sys.x\\$latest_file_io ORDER BY latency LIMIT 10;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # FILE by IO read bytes - subheaderprint "Performance schema: FILE by IO read bytes"; - $nbL = 1; - for my $lQuery ( - select_array( -'select file, total_read from sys.x\\$io_global_by_file_by_bytes order by total_read DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # FILE by IO written bytes - subheaderprint "Performance schema: FILE by IO written bytes"; - $nbL = 1; - for my $lQuery ( - select_array( -'select file, total_written from sys.x\\$io_global_by_file_by_bytes order by total_written DESC LIMIT 15' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # file per IO total latency - subheaderprint "Performance schema: file per IO total latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select file, total_latency from sys.x\\$io_global_by_file_by_latency ORDER BY total_latency DESC LIMIT 20;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # file per IO read latency - subheaderprint "Performance schema: file per IO read latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select file, read_latency from sys.x\\$io_global_by_file_by_latency ORDER BY read_latency DESC LIMIT 20;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # file per IO write latency - subheaderprint "Performance schema: file per IO write latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select file, write_latency from sys.x\\$io_global_by_file_by_latency ORDER BY write_latency DESC LIMIT 20;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Event Wait by read bytes - subheaderprint "Performance schema: Event Wait by read bytes"; - $nbL = 1; - for my $lQuery ( - select_array( -'select event_name, total_read from sys.x\\$io_global_by_wait_by_bytes order by total_read DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Event Wait by write bytes - subheaderprint "Performance schema: Event Wait written bytes"; - $nbL = 1; - for my $lQuery ( - select_array( -'select event_name, total_written from sys.x\\$io_global_by_wait_by_bytes order by total_written DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # event per wait total latency - subheaderprint "Performance schema: event per wait total latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select event_name, total_latency from sys.x\\$io_global_by_wait_by_latency ORDER BY total_latency DESC LIMIT 20;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # event per wait read latency - subheaderprint "Performance schema: event per wait read latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select event_name, read_latency from sys.x\\$io_global_by_wait_by_latency ORDER BY read_latency DESC LIMIT 20;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # event per wait write latency - subheaderprint "Performance schema: event per wait write latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select event_name, write_latency from sys.x\\$io_global_by_wait_by_latency ORDER BY write_latency DESC LIMIT 20;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - #schema_index_statistics - # TOP 15 most read index - subheaderprint "Performance schema: TOP 15 most read indexes"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name,index_name, rows_selected from sys.x\\$schema_index_statistics ORDER BY ROWs_selected DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 most used index - subheaderprint "Performance schema: TOP 15 most modified indexes"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name,index_name, rows_inserted+rows_updated+rows_deleted AS changes from sys.x\\$schema_index_statistics ORDER BY rows_inserted+rows_updated+rows_deleted DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 high read latency index - subheaderprint "Performance schema: TOP 15 high read latency index"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name,index_name, select_latency from sys.x\\$schema_index_statistics ORDER BY select_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 high insert latency index - subheaderprint "Performance schema: TOP 15 most modified indexes"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name,index_name, insert_latency from sys.x\\$schema_index_statistics ORDER BY insert_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 high update latency index - subheaderprint "Performance schema: TOP 15 high update latency index"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name,index_name, update_latency from sys.x\\$schema_index_statistics ORDER BY update_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 high delete latency index - subheaderprint "Performance schema: TOP 15 high delete latency index"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name,index_name, delete_latency from sys.x\\$schema_index_statistics ORDER BY delete_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 most read tables - subheaderprint "Performance schema: TOP 15 most read tables"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name, rows_fetched from sys.x\\$schema_table_statistics ORDER BY ROWs_fetched DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 most used tables - subheaderprint "Performance schema: TOP 15 most modified tables"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name, rows_inserted+rows_updated+rows_deleted AS changes from sys.x\\$schema_table_statistics ORDER BY rows_inserted+rows_updated+rows_deleted DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 high read latency tables - subheaderprint "Performance schema: TOP 15 high read latency tables"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name, fetch_latency from sys.x\\$schema_table_statistics ORDER BY fetch_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 high insert latency tables - subheaderprint "Performance schema: TOP 15 high insert latency tables"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name, insert_latency from sys.x\\$schema_table_statistics ORDER BY insert_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 high update latency tables - subheaderprint "Performance schema: TOP 15 high update latency tables"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name, update_latency from sys.x\\$schema_table_statistics ORDER BY update_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # TOP 15 high delete latency tables - subheaderprint "Performance schema: TOP 15 high delete latency tables"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select table_schema, table_name, delete_latency from sys.x\\$schema_table_statistics ORDER BY delete_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - # Redundant indexes - subheaderprint "Performance schema: Redundant indexes"; - $nbL = 1; - for my $lQuery ( - select_array('use sys;select * from schema_redundant_indexes;') ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: Tables not using InnoDB buffer"; - $nbL = 1; - for my $lQuery ( - select_array( -' Select table_schema, table_name from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: Table not using InnoDB buffer"; - $nbL = 1; - for my $lQuery ( - select_array( -' Select table_schema, table_name from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - subheaderprint "Performance schema: Table not using InnoDB buffer"; - $nbL = 1; - for my $lQuery ( - select_array( -' Select table_schema, table_name from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: Top 15 Tables using InnoDB buffer"; - $nbL = 1; - for my $lQuery ( - select_array( -'select table_schema,table_name,innodb_buffer_allocated from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NOT NULL ORDER BY innodb_buffer_allocated DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: Top 15 Tables with InnoDB buffer free"; - $nbL = 1; - for my $lQuery ( - select_array( -'select table_schema,table_name,innodb_buffer_free from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NOT NULL ORDER BY innodb_buffer_free DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: Top 15 Most executed queries"; - $nbL = 1; - for my $lQuery ( - select_array( -'select db, query, exec_count from sys.x\\$statement_analysis order by exec_count DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint - "Performance schema: Latest SQL queries in errors or warnings"; - $nbL = 1; - for my $lQuery ( - select_array( -'select query, last_seen from sys.x\\$statements_with_errors_or_warnings ORDER BY last_seen LIMIT 100;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: Top 20 queries with full table scans"; - $nbL = 1; - for my $lQuery ( - select_array( -'select db, query, exec_count from sys.x\\$statements_with_full_table_scans order BY exec_count DESC LIMIT 20;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: Last 50 queries with full table scans"; - $nbL = 1; - for my $lQuery ( - select_array( -'select db, query, last_seen from sys.x\\$statements_with_full_table_scans order BY last_seen DESC LIMIT 50;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 15 reader queries (95% percentile)"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query , rows_sent from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY ROWs_sent DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint - "Performance schema: TOP 15 most row look queries (95% percentile)"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query, rows_examined AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY rows_examined DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint - "Performance schema: TOP 15 total latency queries (95% percentile)"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query, total_latency AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY total_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint - "Performance schema: TOP 15 max latency queries (95% percentile)"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query, max_latency AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY max_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint - "Performance schema: TOP 15 average latency queries (95% percentile)"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query, avg_latency AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY avg_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: Top 20 queries with sort"; - $nbL = 1; - for my $lQuery ( - select_array( -'select db, query, exec_count from sys.x\\$statements_with_sorting order BY exec_count DESC LIMIT 20;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: Last 50 queries with sort"; - $nbL = 1; - for my $lQuery ( - select_array( -'select db, query, last_seen from sys.x\\$statements_with_sorting order BY last_seen DESC LIMIT 50;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 15 row sorting queries with sort"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query , rows_sorted from sys.x\\$statements_with_sorting ORDER BY ROWs_sorted DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 15 total latency queries with sort"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query, total_latency AS search from sys.x\\$statements_with_sorting ORDER BY total_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 15 merge queries with sort"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query, sort_merge_passes AS search from sys.x\\$statements_with_sorting ORDER BY sort_merge_passes DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint - "Performance schema: TOP 15 average sort merges queries with sort"; - $nbL = 1; - for my $lQuery ( - select_array( -'select db, query, avg_sort_merges AS search from sys.x\\$statements_with_sorting ORDER BY avg_sort_merges DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 15 scans queries with sort"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query, sorts_using_scans AS search from sys.x\\$statements_with_sorting ORDER BY sorts_using_scans DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 15 range queries with sort"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query, sort_using_range AS search from sys.x\\$statements_with_sorting ORDER BY sort_using_range DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - -################################################################################## - - #statements_with_temp_tables - -#mysql> desc statements_with_temp_tables; -#+--------------------------+---------------------+------+-----+---------------------+-------+ -#| Field | Type | Null | Key | Default | Extra | -#+--------------------------+---------------------+------+-----+---------------------+-------+ -#| query | longtext | YES | | NULL | | -#| db | varchar(64) | YES | | NULL | | -#| exec_count | bigint(20) unsigned | NO | | NULL | | -#| total_latency | text | YES | | NULL | | -#| memory_tmp_tables | bigint(20) unsigned | NO | | NULL | | -#| disk_tmp_tables | bigint(20) unsigned | NO | | NULL | | -#| avg_tmp_tables_per_query | decimal(21,0) | NO | | 0 | | -#| tmp_tables_to_disk_pct | decimal(24,0) | NO | | 0 | | -#| first_seen | timestamp | NO | | 0000-00-00 00:00:00 | | -#| last_seen | timestamp | NO | | 0000-00-00 00:00:00 | | -#| digest | varchar(32) | YES | | NULL | | -#+--------------------------+---------------------+------+-----+---------------------+-------+ -#11 rows in set (0,01 sec)# -# - subheaderprint "Performance schema: Top 20 queries with temp table"; - $nbL = 1; - for my $lQuery ( - select_array( -'select db, query, exec_count from sys.x\\$statements_with_temp_tables order BY exec_count DESC LIMIT 20;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: Last 50 queries with temp table"; - $nbL = 1; - for my $lQuery ( - select_array( -'select db, query, last_seen from sys.x\\$statements_with_temp_tables order BY last_seen DESC LIMIT 50;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint - "Performance schema: TOP 15 total latency queries with temp table"; - $nbL = 1; - for my $lQuery ( - select_array( -'select db, query, total_latency AS search from sys.x\\$statements_with_temp_tables ORDER BY total_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 15 queries with temp table to disk"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select db, query, disk_tmp_tables from sys.x\\$statements_with_temp_tables ORDER BY disk_tmp_tables DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - -################################################################################## - #wait_classes_global_by_latency - -#ysql> select * from wait_classes_global_by_latency; -#-----------------+-------+---------------+-------------+-------------+-------------+ -# event_class | total | total_latency | min_latency | avg_latency | max_latency | -#-----------------+-------+---------------+-------------+-------------+-------------+ -# wait/io/file | 15381 | 1.23 s | 0 ps | 80.12 us | 230.64 ms | -# wait/io/table | 59 | 7.57 ms | 5.45 us | 128.24 us | 3.95 ms | -# wait/lock/table | 69 | 3.22 ms | 658.84 ns | 46.64 us | 1.10 ms | -#-----------------+-------+---------------+-------------+-------------+-------------+ -# rows in set (0,00 sec) - - subheaderprint "Performance schema: TOP 15 class events by number"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select event_class, total from sys.x\\$wait_classes_global_by_latency ORDER BY total DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 30 events by number"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select events, total from sys.x\\$waits_global_by_latency ORDER BY total DESC LIMIT 30;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 15 class events by total latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select event_class, total_latency from sys.x\\$wait_classes_global_by_latency ORDER BY total_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 30 events by total latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'use sys;select events, total_latency from sys.x\\$waits_global_by_latency ORDER BY total_latency DESC LIMIT 30;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 15 class events by max latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select event_class, max_latency from sys.x\\$wait_classes_global_by_latency ORDER BY max_latency DESC LIMIT 15;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - - subheaderprint "Performance schema: TOP 30 events by max latency"; - $nbL = 1; - for my $lQuery ( - select_array( -'select events, max_latency from sys.x\\$waits_global_by_latency ORDER BY max_latency DESC LIMIT 30;' - ) - ) - { - infoprint " +-- $nbL: $lQuery"; - $nbL++; - } - infoprint "No information found or indicators deactivated." - if ( $nbL == 1 ); - -} - -# Recommendations for Ariadb -sub mariadb_ariadb { - subheaderprint "AriaDB Metrics"; - - # AriaDB - unless ( defined $myvar{'have_aria'} - and $myvar{'have_aria'} eq "YES" ) - { - infoprint "AriaDB is disabled."; - return; - } - infoprint "AriaDB is enabled."; - - # Aria pagecache - if ( !defined( $mycalc{'total_aria_indexes'} ) and $doremote == 1 ) { - push( @generalrec, - "Unable to calculate Aria indexes on remote MySQL server < 5.0.0" ); - } - elsif ( $mycalc{'total_aria_indexes'} =~ /^fail$/ ) { - badprint - "Cannot calculate Aria index size - re-run script as root user"; - } - elsif ( $mycalc{'total_aria_indexes'} == "0" ) { - badprint - "None of your Aria tables are indexed - add indexes immediately"; - } - else { - if ( - $myvar{'aria_pagecache_buffer_size'} < $mycalc{'total_aria_indexes'} - && $mycalc{'pct_aria_keys_from_mem'} < 95 ) - { - badprint "Aria pagecache size / total Aria indexes: " - . hr_bytes( $myvar{'aria_pagecache_buffer_size'} ) . "/" - . hr_bytes( $mycalc{'total_aria_indexes'} ) . ""; - push( @adjvars, - "aria_pagecache_buffer_size (> " - . hr_bytes( $mycalc{'total_aria_indexes'} ) - . ")" ); - } - else { - goodprint "Aria pagecache size / total Aria indexes: " - . hr_bytes( $myvar{'aria_pagecache_buffer_size'} ) . "/" - . hr_bytes( $mycalc{'total_aria_indexes'} ) . ""; - } - if ( $mystat{'Aria_pagecache_read_requests'} > 0 ) { - if ( $mycalc{'pct_aria_keys_from_mem'} < 95 ) { - badprint -"Aria pagecache hit rate: $mycalc{'pct_aria_keys_from_mem'}% (" - . hr_num( $mystat{'Aria_pagecache_read_requests'} ) - . " cached / " - . hr_num( $mystat{'Aria_pagecache_reads'} ) - . " reads)"; - } - else { - goodprint -"Aria pagecache hit rate: $mycalc{'pct_aria_keys_from_mem'}% (" - . hr_num( $mystat{'Aria_pagecache_read_requests'} ) - . " cached / " - . hr_num( $mystat{'Aria_pagecache_reads'} ) - . " reads)"; - } - } - else { - - # No queries have run that would use keys - } - } -} - -# Recommendations for TokuDB -sub mariadb_tokudb { - subheaderprint "TokuDB Metrics"; - - # AriaDB - unless ( defined $myvar{'have_tokudb'} - && $myvar{'have_tokudb'} eq "YES" ) - { - infoprint "TokuDB is disabled."; - return; - } - infoprint "TokuDB is enabled."; - - # All is to done here -} - -# Recommendations for XtraDB -sub mariadb_xtradb { - subheaderprint "XtraDB Metrics"; - - # XtraDB - unless ( defined $myvar{'have_xtradb'} - && $myvar{'have_xtradb'} eq "YES" ) - { - infoprint "XtraDB is disabled."; - return; - } - infoprint "XtraDB is enabled."; - infoprint "Note that MariaDB 10.2 makes use of InnoDB, not XtraDB." - - # All is to done here -} - -# Recommendations for RocksDB -sub mariadb_rockdb { - subheaderprint "RocksDB Metrics"; - - # RocksDB - unless ( defined $myvar{'have_rocksdb'} - && $myvar{'have_rocksdb'} eq "YES" ) - { - infoprint "RocksDB is disabled."; - return; - } - infoprint "RocksDB is enabled."; - - # All is to do here -} - -# Recommendations for Spider -sub mariadb_spider { - subheaderprint "Spider Metrics"; - - # Spider - unless ( defined $myvar{'have_spider'} - && $myvar{'have_spider'} eq "YES" ) - { - infoprint "Spider is disabled."; - return; - } - infoprint "Spider is enabled."; - - # All is to do here -} - -# Recommendations for Connect -sub mariadb_connect { - subheaderprint "Connect Metrics"; - - # Connect - unless ( defined $myvar{'have_connect'} - && $myvar{'have_connect'} eq "YES" ) - { - infoprint "Connect is disabled."; - return; - } - infoprint "Connect is enabled."; - - # All is to do here -} - -# Perl trim function to remove whitespace from the start and end of the string -sub trim { - my $string = shift; - return "" unless defined($string); - $string =~ s/^\s+//; - $string =~ s/\s+$//; - return $string; -} - -sub get_wsrep_options { - return () unless defined $myvar{'wsrep_provider_options'}; - - my @galera_options = split /;/, $myvar{'wsrep_provider_options'}; - my $wsrep_slave_threads = $myvar{'wsrep_slave_threads'}; - push @galera_options, ' wsrep_slave_threads = ' . $wsrep_slave_threads; - @galera_options = remove_cr @galera_options; - @galera_options = remove_empty @galera_options; - debugprint Dumper( \@galera_options ); - return @galera_options; -} - -sub get_gcache_memory { - my $gCacheMem = hr_raw( get_wsrep_option('gcache.size') ); - - return 0 unless defined $gCacheMem and $gCacheMem ne ''; - return $gCacheMem; -} - -sub get_wsrep_option { - my $key = shift; - return '' unless defined $myvar{'wsrep_provider_options'}; - my @galera_options = get_wsrep_options; - return '' unless scalar(@galera_options) > 0; - my @memValues = grep /\s*$key =/, @galera_options; - my $memValue = $memValues[0]; - return 0 unless defined $memValue; - $memValue =~ s/.*=\s*(.+)$/$1/g; - return $memValue; -} - -# Recommendations for Galera -sub mariadb_galera { - subheaderprint "Galera Metrics"; - - # Galera Cluster - unless ( defined $myvar{'have_galera'} - && $myvar{'have_galera'} eq "YES" ) - { - infoprint "Galera is disabled."; - return; - } - infoprint "Galera is enabled."; - debugprint "Galera variables:"; - foreach my $gvar ( keys %myvar ) { - next unless $gvar =~ /^wsrep.*/; - next if $gvar eq 'wsrep_provider_options'; - debugprint "\t" . trim($gvar) . " = " . $myvar{$gvar}; - $result{'Galera'}{'variables'}{$gvar} = $myvar{$gvar}; - } - if ( not defined( $myvar{'wsrep_on'} ) or $myvar{'wsrep_on'} ne "ON" ) { - infoprint "Galera is disabled."; - return; - } - debugprint "Galera wsrep provider Options:"; - my @galera_options = get_wsrep_options; - $result{'Galera'}{'wsrep options'} = get_wsrep_options(); - foreach my $gparam (@galera_options) { - debugprint "\t" . trim($gparam); - } - debugprint "Galera status:"; - foreach my $gstatus ( keys %mystat ) { - next unless $gstatus =~ /^wsrep.*/; - debugprint "\t" . trim($gstatus) . " = " . $mystat{$gstatus}; - $result{'Galera'}{'status'}{$gstatus} = $myvar{$gstatus}; - } - infoprint "GCache is using " - . hr_bytes_rnd( get_wsrep_option('gcache.mem_size') ); - - #my @primaryKeysNbTables=(); - my @primaryKeysNbTables = select_array( - "Select CONCAT(c.table_schema,CONCAT('.', c.table_name)) -from information_schema.columns c -join information_schema.tables t using (TABLE_SCHEMA, TABLE_NAME) -where c.table_schema not in ('mysql', 'information_schema', 'performance_schema') - and t.table_type != 'VIEW' -group by c.table_schema,c.table_name -having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" - ); - - infoprint "CPU core detected : " . (cpu_cores); - infoprint "wsrep_slave_threads: " . get_wsrep_option('wsrep_slave_threads'); - if ( get_wsrep_option('wsrep_slave_threads') > ( (cpu_cores) * 4 ) - or get_wsrep_option('wsrep_slave_threads') < ( (cpu_cores) * 2 ) ) - { - badprint -"wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; - push @adjvars, "wsrep_slave_threads = " . ( (cpu_cores) * 4 ); - } - else { - goodprint - "wsrep_slave_threads is equal to 2, 3 or 4 times number of CPU(s)"; - } - - if ( get_wsrep_option('gcs.fc_limit') != - get_wsrep_option('wsrep_slave_threads') * 5 ) - { - badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; - push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; - } - else { - goodprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; - } - - if ( get_wsrep_option('wsrep_slave_threads') > 1 ) { - infoprint - "wsrep parallel slave can cause frequent inconsistency crash."; - push @adjvars, -"Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; - - # check options for parallel slave - if ( get_wsrep_option('wsrep_slave_FK_checks') eq "OFF" ) { - badprint "wsrep_slave_FK_checks is off with parallel slave"; - push @adjvars, - "wsrep_slave_FK_checks should be ON when using parallel slave"; - } - - # wsrep_slave_UK_checks seems useless in MySQL source code - if ( $myvar{'innodb_autoinc_lock_mode'} != 2 ) { - badprint - "innodb_autoinc_lock_mode is incorrect with parallel slave"; - push @adjvars, - "innodb_autoinc_lock_mode should be 2 when using parallel slave"; - } - } - - if ( get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) - { - badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; - push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; - } - else { - goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; - } - - if ( get_wsrep_option('gcs.fc_factor') != 0.8 ) { - badprint "gcs.fc_factor should be equal to 0.8"; - push @adjvars, "gcs.fc_factor=0.8"; - } - else { - goodprint "gcs.fc_factor is equal to 0.8"; - } - if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { - badprint "Fraction of time node pause flow control > 0.02"; - } - else { - goodprint -"Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; - } - - if ( scalar(@primaryKeysNbTables) > 0 ) { - badprint "Following table(s) don't have primary key:"; - foreach my $badtable (@primaryKeysNbTables) { - badprint "\t$badtable"; - push @{ $result{'Tables without PK'} }, $badtable; - } - } - else { - goodprint "All tables get a primary key"; - } - my @nonInnoDBTables = select_array( -"select CONCAT(table_schema,CONCAT('.', table_name)) from information_schema.tables where ENGINE <> 'InnoDB' and table_schema not in ('mysql', 'performance_schema', 'information_schema')" - ); - if ( scalar(@nonInnoDBTables) > 0 ) { - badprint "Following table(s) are not InnoDB table:"; - push @generalrec, - "Ensure that all table(s) are InnoDB tables for Galera replication"; - foreach my $badtable (@nonInnoDBTables) { - badprint "\t$badtable"; - } - } - else { - goodprint "All tables are InnoDB tables"; - } - if ( $myvar{'binlog_format'} ne 'ROW' ) { - badprint "Binlog format should be in ROW mode."; - push @adjvars, "binlog_format = ROW"; - } - else { - goodprint "Binlog format is in ROW mode."; - } - if ( $myvar{'innodb_flush_log_at_trx_commit'} != 0 ) { - badprint "InnoDB flush log at each commit should be disabled."; - push @adjvars, "innodb_flush_log_at_trx_commit = 0"; - } - else { - goodprint "InnoDB flush log at each commit is disabled for Galera."; - } - - infoprint "Read consistency mode :" . $myvar{'wsrep_causal_reads'}; - - if ( defined( $myvar{'wsrep_cluster_name'} ) - and $myvar{'wsrep_on'} eq "ON" ) - { - goodprint "Galera WsREP is enabled."; - if ( defined( $myvar{'wsrep_cluster_address'} ) - and trim("$myvar{'wsrep_cluster_address'}") ne "" ) - { - goodprint "Galera Cluster address is defined: " - . $myvar{'wsrep_cluster_address'}; - my @NodesTmp = split /,/, $myvar{'wsrep_cluster_address'}; - my $nbNodes = @NodesTmp; - infoprint "There are $nbNodes nodes in wsrep_cluster_address"; - my $nbNodesSize = trim( $mystat{'wsrep_cluster_size'} ); - if ( $nbNodesSize == 3 or $nbNodesSize == 5 ) { - goodprint "There are $nbNodesSize nodes in wsrep_cluster_size."; - } - else { - badprint -"There are $nbNodesSize nodes in wsrep_cluster_size. Prefer 3 or 5 nodes architecture."; - push @generalrec, "Prefer 3 or 5 nodes architecture."; - } - - # wsrep_cluster_address doesn't include garbd nodes - if ( $nbNodes > $nbNodesSize ) { - badprint -"All cluster nodes are not detected. wsrep_cluster_size less then node count in wsrep_cluster_address"; - } - else { - goodprint "All cluster nodes detected."; - } - } - else { - badprint "Galera Cluster address is undefined"; - push @adjvars, - "set up wsrep_cluster_address variable for Galera replication"; - } - if ( defined( $myvar{'wsrep_cluster_name'} ) - and trim( $myvar{'wsrep_cluster_name'} ) ne "" ) - { - goodprint "Galera Cluster name is defined: " - . $myvar{'wsrep_cluster_name'}; - } - else { - badprint "Galera Cluster name is undefined"; - push @adjvars, - "set up wsrep_cluster_name variable for Galera replication"; - } - if ( defined( $myvar{'wsrep_node_name'} ) - and trim( $myvar{'wsrep_node_name'} ) ne "" ) - { - goodprint "Galera Node name is defined: " - . $myvar{'wsrep_node_name'}; - } - else { - badprint "Galera node name is undefined"; - push @adjvars, - "set up wsrep_node_name variable for Galera replication"; - } - if ( trim( $myvar{'wsrep_notify_cmd'} ) ne "" ) { - goodprint "Galera Notify command is defined."; - } - else { - badprint "Galera Notify command is not defined."; - push( @adjvars, "set up parameter wsrep_notify_cmd to be notify" ); - } - if ( trim( $myvar{'wsrep_sst_method'} ) !~ "^xtrabackup.*" - and trim( $myvar{'wsrep_sst_method'} ) !~ "^mariabackup" ) - { - badprint "Galera SST method is not xtrabackup based."; - push( @adjvars, -"set up parameter wsrep_sst_method to xtrabackup based parameter" - ); - } - else { - goodprint "SST Method is based on xtrabackup."; - } - if ( - ( - defined( $myvar{'wsrep_OSU_method'} ) - && trim( $myvar{'wsrep_OSU_method'} ) eq "TOI" - ) - || ( defined( $myvar{'wsrep_osu_method'} ) - && trim( $myvar{'wsrep_osu_method'} ) eq "TOI" ) - ) - { - goodprint "TOI is default mode for upgrade."; - } - else { - badprint "Schema upgrade are not replicated automatically"; - push( @adjvars, "set up parameter wsrep_OSU_method to TOI" ); - } - infoprint "Max WsRep message : " - . hr_bytes( $myvar{'wsrep_max_ws_size'} ); - } - else { - badprint "Galera WsREP is disabled"; - } - - if ( defined( $mystat{'wsrep_connected'} ) - and $mystat{'wsrep_connected'} eq "ON" ) - { - goodprint "Node is connected"; - } - else { - badprint "Node is disconnected"; - } - if ( defined( $mystat{'wsrep_ready'} ) and $mystat{'wsrep_ready'} eq "ON" ) - { - goodprint "Node is ready"; - } - else { - badprint "Node is not ready"; - } - infoprint "Cluster status :" . $mystat{'wsrep_cluster_status'}; - if ( defined( $mystat{'wsrep_cluster_status'} ) - and $mystat{'wsrep_cluster_status'} eq "Primary" ) - { - goodprint "Galera cluster is consistent and ready for operations"; - } - else { - badprint "Cluster is not consistent and ready"; - } - if ( $mystat{'wsrep_local_state_uuid'} eq - $mystat{'wsrep_cluster_state_uuid'} ) - { - goodprint "Node and whole cluster at the same level: " - . $mystat{'wsrep_cluster_state_uuid'}; - } - else { - badprint "Node and whole cluster not the same level"; - infoprint "Node state uuid: " . $mystat{'wsrep_local_state_uuid'}; - infoprint "Cluster state uuid: " . $mystat{'wsrep_cluster_state_uuid'}; - } - if ( $mystat{'wsrep_local_state_comment'} eq 'Synced' ) { - goodprint "Node is synced with whole cluster."; - } - else { - badprint "Node is not synced"; - infoprint "Node State : " . $mystat{'wsrep_local_state_comment'}; - } - if ( $mystat{'wsrep_local_cert_failures'} == 0 ) { - goodprint "There is no certification failures detected."; - } - else { - badprint "There is " - . $mystat{'wsrep_local_cert_failures'} - . " certification failure(s)detected."; - } - - for my $key ( keys %mystat ) { - if ( $key =~ /wsrep_|galera/i ) { - debugprint "WSREP: $key = $mystat{$key}"; - } - } - debugprint Dumper get_wsrep_options(); -} - -# Recommendations for InnoDB -sub mysql_innodb { - subheaderprint "InnoDB Metrics"; - - # InnoDB - unless ( defined $myvar{'have_innodb'} - && $myvar{'have_innodb'} eq "YES" - && defined $enginestats{'InnoDB'} ) - { - infoprint "InnoDB is disabled."; - if ( mysql_version_ge( 5, 5 ) ) { - badprint -"InnoDB Storage engine is disabled. InnoDB is the default storage engine"; - } - return; - } - infoprint "InnoDB is enabled."; - - if ( $opt{buffers} ne 0 ) { - infoprint "InnoDB Buffers"; - if ( defined $myvar{'innodb_buffer_pool_size'} ) { - infoprint " +-- InnoDB Buffer Pool: " - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . ""; - } - if ( defined $myvar{'innodb_buffer_pool_instances'} ) { - infoprint " +-- InnoDB Buffer Pool Instances: " - . $myvar{'innodb_buffer_pool_instances'} . ""; - } - - if ( defined $myvar{'innodb_buffer_pool_chunk_size'} ) { - infoprint " +-- InnoDB Buffer Pool Chunk Size: " - . hr_bytes( $myvar{'innodb_buffer_pool_chunk_size'} ) . ""; - } - if ( defined $myvar{'innodb_additional_mem_pool_size'} ) { - infoprint " +-- InnoDB Additional Mem Pool: " - . hr_bytes( $myvar{'innodb_additional_mem_pool_size'} ) . ""; - } - if ( defined $myvar{'innodb_log_file_size'} ) { - infoprint " +-- InnoDB Log File Size: " - . hr_bytes( $myvar{'innodb_log_file_size'} ); - } - if ( defined $myvar{'innodb_log_files_in_group'} ) { - infoprint " +-- InnoDB Log File In Group: " - . $myvar{'innodb_log_files_in_group'}; - } - if ( defined $myvar{'innodb_log_files_in_group'} ) { - infoprint " +-- InnoDB Total Log File Size: " - . hr_bytes( $myvar{'innodb_log_files_in_group'} * - $myvar{'innodb_log_file_size'} ) - . "(" - . $mycalc{'innodb_log_size_pct'} - . " % of buffer pool)"; - } - if ( defined $myvar{'innodb_log_buffer_size'} ) { - infoprint " +-- InnoDB Log Buffer: " - . hr_bytes( $myvar{'innodb_log_buffer_size'} ); - } - if ( defined $mystat{'Innodb_buffer_pool_pages_free'} ) { - infoprint " +-- InnoDB Log Buffer Free: " - . hr_bytes( $mystat{'Innodb_buffer_pool_pages_free'} ) . ""; - } - if ( defined $mystat{'Innodb_buffer_pool_pages_total'} ) { - infoprint " +-- InnoDB Log Buffer Used: " - . hr_bytes( $mystat{'Innodb_buffer_pool_pages_total'} ) . ""; - } - } - if ( defined $myvar{'innodb_thread_concurrency'} ) { - infoprint "InnoDB Thread Concurrency: " - . $myvar{'innodb_thread_concurrency'}; - } - - # InnoDB Buffer Pool Size - if ( $myvar{'innodb_file_per_table'} eq "ON" ) { - goodprint "InnoDB File per table is activated"; - } - else { - badprint "InnoDB File per table is not activated"; - push( @adjvars, "innodb_file_per_table=ON" ); - } - - # InnoDB Buffer Pool Size - if ( $myvar{'innodb_buffer_pool_size'} > $enginestats{'InnoDB'} ) { - goodprint "InnoDB buffer pool / data size: " - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . "/" - . hr_bytes( $enginestats{'InnoDB'} ) . ""; - } - else { - badprint "InnoDB buffer pool / data size: " - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . "/" - . hr_bytes( $enginestats{'InnoDB'} ) . ""; - push( @adjvars, - "innodb_buffer_pool_size (>= " - . hr_bytes( $enginestats{'InnoDB'} ) - . ") if possible." ); - } - if ( $mycalc{'innodb_log_size_pct'} < 20 - or $mycalc{'innodb_log_size_pct'} > 30 ) - { - badprint "Ratio InnoDB log file size / InnoDB Buffer pool size (" - . $mycalc{'innodb_log_size_pct'} . " %): " - . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " - . $myvar{'innodb_log_files_in_group'} . "/" - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) - . " should be equal to 25%"; - push( - @adjvars, - "innodb_log_file_size should be (=" - . hr_bytes_rnd( - $myvar{'innodb_buffer_pool_size'} / - $myvar{'innodb_log_files_in_group'} / 4 - ) - . ") if possible, so InnoDB total log files size equals to 25% of buffer pool size." - ); - push( @generalrec, -"Before changing innodb_log_file_size and/or innodb_log_files_in_group read this: https://bit.ly/2TcGgtU" - ); - } - else { - goodprint "Ratio InnoDB log file size / InnoDB Buffer pool size: " - . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " - . $myvar{'innodb_log_files_in_group'} . "/" - . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) - . " should be equal to 25%"; - } - - # InnoDB Buffer Pool Instances (MySQL 5.6.6+) - if ( defined( $myvar{'innodb_buffer_pool_instances'} ) ) { - - # Bad Value if > 64 - if ( $myvar{'innodb_buffer_pool_instances'} > 64 ) { - badprint "InnoDB buffer pool instances: " - . $myvar{'innodb_buffer_pool_instances'} . ""; - push( @adjvars, "innodb_buffer_pool_instances (<= 64)" ); - } - - # InnoDB Buffer Pool Size > 1Go - if ( $myvar{'innodb_buffer_pool_size'} > 1024 * 1024 * 1024 ) { - -# InnoDB Buffer Pool Size / 1Go = InnoDB Buffer Pool Instances limited to 64 max. - - # InnoDB Buffer Pool Size > 64Go - my $max_innodb_buffer_pool_instances = - int( $myvar{'innodb_buffer_pool_size'} / ( 1024 * 1024 * 1024 ) ); - $max_innodb_buffer_pool_instances = 64 - if ( $max_innodb_buffer_pool_instances > 64 ); - - if ( $myvar{'innodb_buffer_pool_instances'} != - $max_innodb_buffer_pool_instances ) - { - badprint "InnoDB buffer pool instances: " - . $myvar{'innodb_buffer_pool_instances'} . ""; - push( @adjvars, - "innodb_buffer_pool_instances(=" - . $max_innodb_buffer_pool_instances - . ")" ); - } - else { - goodprint "InnoDB buffer pool instances: " - . $myvar{'innodb_buffer_pool_instances'} . ""; - } - - # InnoDB Buffer Pool Size < 1Go - } - else { - if ( $myvar{'innodb_buffer_pool_instances'} != 1 ) { - badprint -"InnoDB buffer pool <= 1G and Innodb_buffer_pool_instances(!=1)."; - push( @adjvars, "innodb_buffer_pool_instances (=1)" ); - } - else { - goodprint "InnoDB buffer pool instances: " - . $myvar{'innodb_buffer_pool_instances'} . ""; - } - } - } - - # InnoDB Used Buffer Pool Size vs CHUNK size - if ( !defined( $myvar{'innodb_buffer_pool_chunk_size'} ) ) { - infoprint - "InnoDB Buffer Pool Chunk Size not used or defined in your version"; - } - else { - infoprint "Number of InnoDB Buffer Pool Chunk : " - . int( $myvar{'innodb_buffer_pool_size'} ) / - int( $myvar{'innodb_buffer_pool_chunk_size'} ) . " for " - . $myvar{'innodb_buffer_pool_instances'} - . " Buffer Pool Instance(s)"; - - if ( - int( $myvar{'innodb_buffer_pool_size'} ) % ( - int( $myvar{'innodb_buffer_pool_chunk_size'} ) * - int( $myvar{'innodb_buffer_pool_instances'} ) - ) eq 0 - ) - { - goodprint -"Innodb_buffer_pool_size aligned with Innodb_buffer_pool_chunk_size & Innodb_buffer_pool_instances"; - } - else { - badprint -"Innodb_buffer_pool_size aligned with Innodb_buffer_pool_chunk_size & Innodb_buffer_pool_instances"; - -#push( @adjvars, "Adjust innodb_buffer_pool_instances, innodb_buffer_pool_chunk_size with innodb_buffer_pool_size" ); - push( @adjvars, -"innodb_buffer_pool_size must always be equal to or a multiple of innodb_buffer_pool_chunk_size * innodb_buffer_pool_instances" - ); - } - } - - # InnoDB Read efficiency - if ( defined $mycalc{'pct_read_efficiency'} - && $mycalc{'pct_read_efficiency'} < 90 ) - { - badprint "InnoDB Read buffer efficiency: " - . $mycalc{'pct_read_efficiency'} . "% (" - . ( $mystat{'Innodb_buffer_pool_read_requests'} - - $mystat{'Innodb_buffer_pool_reads'} ) - . " hits/ " - . $mystat{'Innodb_buffer_pool_read_requests'} - . " total)"; - } - else { - goodprint "InnoDB Read buffer efficiency: " - . $mycalc{'pct_read_efficiency'} . "% (" - . ( $mystat{'Innodb_buffer_pool_read_requests'} - - $mystat{'Innodb_buffer_pool_reads'} ) - . " hits/ " - . $mystat{'Innodb_buffer_pool_read_requests'} - . " total)"; - } - - # InnoDB Write efficiency - if ( defined $mycalc{'pct_write_efficiency'} - && $mycalc{'pct_write_efficiency'} < 90 ) - { - badprint "InnoDB Write Log efficiency: " - . abs( $mycalc{'pct_write_efficiency'} ) . "% (" - . abs( $mystat{'Innodb_log_write_requests'} - - $mystat{'Innodb_log_writes'} ) - . " hits/ " - . $mystat{'Innodb_log_write_requests'} - . " total)"; - } - else { - goodprint "InnoDB Write log efficiency: " - . $mycalc{'pct_write_efficiency'} . "% (" - . ( $mystat{'Innodb_log_write_requests'} - - $mystat{'Innodb_log_writes'} ) - . " hits/ " - . $mystat{'Innodb_log_write_requests'} - . " total)"; - } - - # InnoDB Log Waits - if ( defined $mystat{'Innodb_log_waits'} - && $mystat{'Innodb_log_waits'} > 0 ) - { - badprint "InnoDB log waits: " - . percentage( $mystat{'Innodb_log_waits'}, - $mystat{'Innodb_log_writes'} ) - . "% (" - . $mystat{'Innodb_log_waits'} - . " waits / " - . $mystat{'Innodb_log_writes'} - . " writes)"; - push( @adjvars, - "innodb_log_buffer_size (>= " - . hr_bytes_rnd( $myvar{'innodb_log_buffer_size'} ) - . ")" ); - } - else { - goodprint "InnoDB log waits: " - . percentage( $mystat{'Innodb_log_waits'}, - $mystat{'Innodb_log_writes'} ) - . "% (" - . $mystat{'Innodb_log_waits'} - . " waits / " - . $mystat{'Innodb_log_writes'} - . " writes)"; - } - $result{'Calculations'} = {%mycalc}; -} - -sub check_metadata_perf { - subheaderprint "Analysis Performance Metrics"; - if ( defined $myvar{'innodb_stats_on_metadata'} ) { - infoprint "innodb_stats_on_metadata: " - . $myvar{'innodb_stats_on_metadata'}; - if ( $myvar{'innodb_stats_on_metadata'} eq 'ON' ) { - badprint "Stat are updated during querying INFORMATION_SCHEMA."; - push @adjvars, "SET innodb_stats_on_metadata = OFF"; - - #Disabling innodb_stats_on_metadata - select_one("SET GLOBAL innodb_stats_on_metadata = OFF;"); - return 1; - } - } - goodprint "No stat updates during querying INFORMATION_SCHEMA."; - return 0; -} - -# Recommendations for Database metrics -sub mysql_databases { - return if ( $opt{dbstat} == 0 ); - - subheaderprint "Database Metrics"; - unless ( mysql_version_ge( 5, 5 ) ) { - infoprint -"Skip Database metrics from information schema missing in this version"; - return; - } - - my @dblist = select_array( -"SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" - ); - infoprint "There is " . scalar(@dblist) . " Database(s)."; - my @totaldbinfo = split /\s/, - select_one( -"SELECT SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH) , SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(TABLE_NAME),COUNT(DISTINCT(TABLE_COLLATION)),COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" - ); - infoprint "All User Databases:"; - infoprint " +-- TABLE : " - . ( $totaldbinfo[4] eq 'NULL' ? 0 : $totaldbinfo[4] ) . ""; - infoprint " +-- ROWS : " - . ( $totaldbinfo[0] eq 'NULL' ? 0 : $totaldbinfo[0] ) . ""; - infoprint " +-- DATA : " - . hr_bytes( $totaldbinfo[1] ) . "(" - . percentage( $totaldbinfo[1], $totaldbinfo[3] ) . "%)"; - infoprint " +-- INDEX : " - . hr_bytes( $totaldbinfo[2] ) . "(" - . percentage( $totaldbinfo[2], $totaldbinfo[3] ) . "%)"; - infoprint " +-- SIZE : " . hr_bytes( $totaldbinfo[3] ) . ""; - infoprint " +-- COLLA : " - . ( $totaldbinfo[5] eq 'NULL' ? 0 : $totaldbinfo[5] ) . " (" - . ( - join ", ", - select_array( - "SELECT DISTINCT(TABLE_COLLATION) FROM information_schema.TABLES;") - ) . ")"; - infoprint " +-- ENGIN : " - . ( $totaldbinfo[6] eq 'NULL' ? 0 : $totaldbinfo[6] ) . " (" - . ( - join ", ", - select_array("SELECT DISTINCT(ENGINE) FROM information_schema.TABLES;") - ) . ")"; - - $result{'Databases'}{'All databases'}{'Rows'} = - ( $totaldbinfo[0] eq 'NULL' ? 0 : $totaldbinfo[0] ); - $result{'Databases'}{'All databases'}{'Data Size'} = $totaldbinfo[1]; - $result{'Databases'}{'All databases'}{'Data Pct'} = - percentage( $totaldbinfo[1], $totaldbinfo[3] ) . "%"; - $result{'Databases'}{'All databases'}{'Index Size'} = $totaldbinfo[2]; - $result{'Databases'}{'All databases'}{'Index Pct'} = - percentage( $totaldbinfo[2], $totaldbinfo[3] ) . "%"; - $result{'Databases'}{'All databases'}{'Total Size'} = $totaldbinfo[3]; - print "\n" unless ( $opt{'silent'} or $opt{'json'} ); - - foreach (@dblist) { - my @dbinfo = split /\s/, - select_one( -"SELECT TABLE_SCHEMA, SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH) , SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(DISTINCT ENGINE),COUNT(TABLE_NAME),COUNT(DISTINCT(TABLE_COLLATION)),COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_' GROUP BY TABLE_SCHEMA ORDER BY TABLE_SCHEMA" - ); - next unless defined $dbinfo[0]; - infoprint "Database: " . $dbinfo[0] . ""; - infoprint " +-- TABLE: " - . ( !defined( $dbinfo[6] ) or $dbinfo[6] eq 'NULL' ? 0 : $dbinfo[6] ) - . ""; - infoprint " +-- COLL : " - . ( $dbinfo[7] eq 'NULL' ? 0 : $dbinfo[7] ) . " (" - . ( - join ", ", - select_array( -"SELECT DISTINCT(TABLE_COLLATION) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_';" - ) - ) . ")"; - infoprint " +-- ROWS : " - . ( !defined( $dbinfo[1] ) or $dbinfo[1] eq 'NULL' ? 0 : $dbinfo[1] ) - . ""; - infoprint " +-- DATA : " - . hr_bytes( $dbinfo[2] ) . "(" - . percentage( $dbinfo[2], $dbinfo[4] ) . "%)"; - infoprint " +-- INDEX: " - . hr_bytes( $dbinfo[3] ) . "(" - . percentage( $dbinfo[3], $dbinfo[4] ) . "%)"; - infoprint " +-- TOTAL: " . hr_bytes( $dbinfo[4] ) . ""; - infoprint " +-- ENGIN : " - . ( $dbinfo[8] eq 'NULL' ? 0 : $dbinfo[8] ) . " (" - . ( - join ", ", - select_array( -"SELECT DISTINCT(ENGINE) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_'" - ) - ) . ")"; - badprint "Index size is larger than data size for $dbinfo[0] \n" - if ( $dbinfo[2] ne 'NULL' ) - and ( $dbinfo[3] ne 'NULL' ) - and ( $dbinfo[2] < $dbinfo[3] ); - badprint "There are " . $dbinfo[5] . " storage engines. Be careful. \n" - if $dbinfo[5] > 1; - $result{'Databases'}{ $dbinfo[0] }{'Rows'} = $dbinfo[1]; - $result{'Databases'}{ $dbinfo[0] }{'Tables'} = $dbinfo[6]; - $result{'Databases'}{ $dbinfo[0] }{'Collations'} = $dbinfo[7]; - $result{'Databases'}{ $dbinfo[0] }{'Data Size'} = $dbinfo[2]; - $result{'Databases'}{ $dbinfo[0] }{'Data Pct'} = - percentage( $dbinfo[2], $dbinfo[4] ) . "%"; - $result{'Databases'}{ $dbinfo[0] }{'Index Size'} = $dbinfo[3]; - $result{'Databases'}{ $dbinfo[0] }{'Index Pct'} = - percentage( $dbinfo[3], $dbinfo[4] ) . "%"; - $result{'Databases'}{ $dbinfo[0] }{'Total Size'} = $dbinfo[4]; - - if ( $dbinfo[7] > 1 ) { - badprint $dbinfo[7] - . " different collations for database " - . $dbinfo[0]; - push( @generalrec, - "Check all table collations are identical for all tables in " - . $dbinfo[0] - . " database." ); - } - else { - goodprint $dbinfo[7] - . " collation for " - . $dbinfo[0] - . " database."; - } - if ( $dbinfo[8] > 1 ) { - badprint $dbinfo[8] - . " different engines for database " - . $dbinfo[0]; - push( @generalrec, - "Check all table engines are identical for all tables in " - . $dbinfo[0] - . " database." ); - } - else { - goodprint $dbinfo[8] . " engine for " . $dbinfo[0] . " database."; - } - - my @distinct_column_charset = select_array( -"select DISTINCT(CHARACTER_SET_NAME) from information_schema.COLUMNS where CHARACTER_SET_NAME IS NOT NULL AND TABLE_SCHEMA ='$_'" - ); - infoprint "Charsets for $dbinfo[0] database table column: " - . join( ', ', @distinct_column_charset ); - if ( scalar(@distinct_column_charset) > 1 ) { - badprint $dbinfo[0] - . " table column(s) has several charsets defined for all text like column(s)."; - push( @generalrec, - "Limit charset for column to one charset if possible for " - . $dbinfo[0] - . " database." ); - } - else { - goodprint $dbinfo[0] - . " table column(s) has same charset defined for all text like column(s)."; - } - - my @distinct_column_collation = select_array( -"select DISTINCT(COLLATION_NAME) from information_schema.COLUMNS where COLLATION_NAME IS NOT NULL AND TABLE_SCHEMA ='$_'" - ); - infoprint "Collations for $dbinfo[0] database table column: " - . join( ', ', @distinct_column_collation ); - if ( scalar(@distinct_column_collation) > 1 ) { - badprint $dbinfo[0] - . " table column(s) has several collations defined for all text like column(s)."; - push( @generalrec, - "Limit collations for column to one collation if possible for " - . $dbinfo[0] - . " database." ); - } - else { - goodprint $dbinfo[0] - . " table column(s) has same collation defined for all text like column(s)."; - } - } - -} - -# Recommendations for database columns -sub mysql_tables { - return if ( $opt{tbstat} == 0 ); - - subheaderprint "Table Column Metrics"; - unless ( mysql_version_ge( 5, 5 ) ) { - infoprint -"Skip Database metrics from information schema missing in this version"; - return; - } - my @dblist = select_array( -"SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" - ); - foreach (@dblist) { - my $dbname = $_; - next unless defined $_; - infoprint "Database: " . $_ . ""; - my @dbtable = select_array( -"SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA='$dbname' AND TABLE_TYPE='BASE TABLE' ORDER BY TABLE_NAME" - ); - foreach (@dbtable) { - my $tbname = $_; - infoprint " +-- TABLE: $tbname"; - my @tbcol = select_array( -"SELECT COLUMN_NAME FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname'" - ); - foreach (@tbcol) { - my $ctype = select_one( -"SELECT COLUMN_TYPE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " - ); - my $isnull = select_one( -"SELECT IS_NULLABLE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " - ); - infoprint " +-- Column $tbname.$_:"; - my $current_type = - uc($ctype) . ( $isnull eq 'NO' ? " NOT NULL" : "" ); - my $optimal_type = select_str_g( "Optimal_fieldtype", -"SELECT \\`$_\\` FROM \\`$dbname\\`.\\`$tbname\\` PROCEDURE ANALYSE(100000)" - ); - if ( not defined($optimal_type) or $optimal_type eq '' ) { - infoprint " Current Fieldtype: $current_type"; - infoprint " Optimal Fieldtype: Not available"; - } - elsif ( $current_type ne $optimal_type ) { - infoprint " Current Fieldtype: $current_type"; - infoprint " Optimal Fieldtype: $optimal_type"; - badprint -"Consider changing type for column $_ in table $dbname.$tbname"; - push( @generalrec, -"ALTER TABLE \`$dbname\`.\`$tbname\` MODIFY \`$_\` $optimal_type;" - ); - - } - else { - goodprint "$dbname.$tbname ($_) type: $current_type"; - } - } - } - - } -} - -# Recommendations for Indexes metrics -sub mysql_indexes { - return if ( $opt{idxstat} == 0 ); - - subheaderprint "Indexes Metrics"; - unless ( mysql_version_ge( 5, 5 ) ) { - infoprint - "Skip Index metrics from information schema missing in this version"; - return; - } - -# unless ( mysql_version_ge( 5, 6 ) ) { -# infoprint -#"Skip Index metrics from information schema due to erroneous information provided in this version"; -# return; -# } - my $selIdxReq = <<'ENDSQL'; -SELECT - CONCAT(CONCAT(t.TABLE_SCHEMA, '.'),t.TABLE_NAME) AS 'table' - , CONCAT(CONCAT(CONCAT(s.INDEX_NAME, '('),s.COLUMN_NAME), ')') AS 'index' - , s.SEQ_IN_INDEX AS 'seq' - , s2.max_columns AS 'maxcol' - , s.CARDINALITY AS 'card' - , t.TABLE_ROWS AS 'est_rows' - , INDEX_TYPE as type - , ROUND(((s.CARDINALITY / IFNULL(t.TABLE_ROWS, 0.01)) * 100), 2) AS 'sel' -FROM INFORMATION_SCHEMA.STATISTICS s - INNER JOIN INFORMATION_SCHEMA.TABLES t - ON s.TABLE_SCHEMA = t.TABLE_SCHEMA - AND s.TABLE_NAME = t.TABLE_NAME - INNER JOIN ( - SELECT - TABLE_SCHEMA - , TABLE_NAME - , INDEX_NAME - , MAX(SEQ_IN_INDEX) AS max_columns - FROM INFORMATION_SCHEMA.STATISTICS - WHERE TABLE_SCHEMA NOT IN ('mysql', 'information_schema', 'performance_schema') - AND INDEX_TYPE <> 'FULLTEXT' - GROUP BY TABLE_SCHEMA, TABLE_NAME, INDEX_NAME - ) AS s2 - ON s.TABLE_SCHEMA = s2.TABLE_SCHEMA - AND s.TABLE_NAME = s2.TABLE_NAME - AND s.INDEX_NAME = s2.INDEX_NAME -WHERE t.TABLE_SCHEMA NOT IN ('mysql', 'information_schema', 'performance_schema') -AND t.TABLE_ROWS > 10 -AND s.CARDINALITY IS NOT NULL -AND (s.CARDINALITY / IFNULL(t.TABLE_ROWS, 0.01)) < 8.00 -ORDER BY sel -LIMIT 10; -ENDSQL - my @idxinfo = select_array($selIdxReq); - infoprint "Worst selectivity indexes:"; - foreach (@idxinfo) { - debugprint "$_"; - my @info = split /\s/; - infoprint "Index: " . $info[1] . ""; - - infoprint " +-- COLUMN : " . $info[0] . ""; - infoprint " +-- NB SEQS : " . $info[2] . " sequence(s)"; - infoprint " +-- NB COLS : " . $info[3] . " column(s)"; - infoprint " +-- CARDINALITY : " . $info[4] . " distinct values"; - infoprint " +-- NB ROWS : " . $info[5] . " rows"; - infoprint " +-- TYPE : " . $info[6]; - infoprint " +-- SELECTIVITY : " . $info[7] . "%"; - - $result{'Indexes'}{ $info[1] }{'Column'} = $info[0]; - $result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2]; - $result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3]; - $result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4]; - $result{'Indexes'}{ $info[1] }{'Row number'} = $info[5]; - $result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6]; - $result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7]; - if ( $info[7] < 25 ) { - badprint "$info[1] has a low selectivity"; - } - } - - return - unless ( defined( $myvar{'performance_schema'} ) - and $myvar{'performance_schema'} eq 'ON' ); - - $selIdxReq = <<'ENDSQL'; -SELECT CONCAT(CONCAT(object_schema,'.'),object_name) AS 'table', index_name -FROM performance_schema.table_io_waits_summary_by_index_usage -WHERE index_name IS NOT NULL -AND count_star =0 -AND index_name <> 'PRIMARY' -AND object_schema != 'mysql' -ORDER BY count_star, object_schema, object_name; -ENDSQL - @idxinfo = select_array($selIdxReq); - infoprint "Unused indexes:"; - push( @generalrec, "Remove unused indexes." ) if ( scalar(@idxinfo) > 0 ); - foreach (@idxinfo) { - debugprint "$_"; - my @info = split /\s/; - badprint "Index: $info[1] on $info[0] is not used."; - push @{ $result{'Indexes'}{'Unused Indexes'} }, - $info[0] . "." . $info[1]; - } -} - -# Take the two recommendation arrays and display them at the end of the output -sub make_recommendations { - $result{'Recommendations'} = \@generalrec; - $result{'Adjust variables'} = \@adjvars; - subheaderprint "Recommendations"; - if ( @generalrec > 0 ) { - prettyprint "General recommendations:"; - foreach (@generalrec) { prettyprint " " . $_ . ""; } - } - if ( @adjvars > 0 ) { - prettyprint "Variables to adjust:"; - if ( $mycalc{'pct_max_physical_memory'} > 90 ) { - prettyprint - " *** MySQL's maximum memory usage is dangerously high ***\n" - . " *** Add RAM before increasing MySQL buffer variables ***"; - } - foreach (@adjvars) { prettyprint " " . $_ . ""; } - } - if ( @generalrec == 0 && @adjvars == 0 ) { - prettyprint "No additional performance recommendations are available."; - } -} - -sub close_outputfile { - close($fh) if defined($fh); -} - -sub headerprint { - prettyprint - " >> MySQLTuner $tunerversion - Major Hayden \n" - . " >> Bug reports, feature requests, and downloads at http://mysqltuner.com/\n" - . " >> Run with '--help' for additional options and output filtering"; -} - -sub string2file { - my $filename = shift; - my $content = shift; - open my $fh, q(>), $filename - or die -"Unable to open $filename in write mode. Please check permissions for this file or directory"; - print $fh $content if defined($content); - close $fh; - debugprint $content if ( $opt{'debug'} ); -} - -sub file2array { - my $filename = shift; - debugprint "* reading $filename" if ( $opt{'debug'} ); - my $fh; - open( $fh, q(<), "$filename" ) - or die "Couldn't open $filename for reading: $!\n"; - my @lines = <$fh>; - close($fh); - return @lines; -} - -sub file2string { - return join( '', file2array(@_) ); -} - -my $templateModel; -if ( $opt{'template'} ne 0 ) { - $templateModel = file2string( $opt{'template'} ); -} -else { - # DEFAULT REPORT TEMPLATE - $templateModel = <<'END_TEMPLATE'; - - - - MySQLTuner Report - - - - -

Result output

-
-{$data}
-
- - - -END_TEMPLATE -} - -sub dump_result { - debugprint Dumper( \%result ) if ( $opt{'debug'} ); - debugprint "HTML REPORT: $opt{'reportfile'}"; - - if ( $opt{'reportfile'} ne 0 ) { - eval { require Text::Template }; - eval { require JSON }; - if ($@) { - badprint "Text::Template Module is needed."; - die "Text::Template Module is needed."; - } - - my $json = JSON->new->allow_nonref; - my $json_text = $json->pretty->encode( \%result ); - my %vars = ( - 'data' => \%result, - 'debug' => $json_text, - ); - my $template; - { - no warnings 'once'; - $template = Text::Template->new( - TYPE => 'STRING', - PREPEND => q{;}, - SOURCE => $templateModel, - DELIMITERS => [ '[%', '%]' ] - ) or die "Couldn't construct template: $Text::Template::ERROR"; - } - - open my $fh, q(>), $opt{'reportfile'} - or die -"Unable to open $opt{'reportfile'} in write mode. please check permissions for this file or directory"; - $template->fill_in( HASH => \%vars, OUTPUT => $fh ); - close $fh; - } - - if ( $opt{'json'} ne 0 ) { - eval { require JSON }; - if ($@) { - print "$bad JSON Module is needed.\n"; - return 1; - } - - my $json = JSON->new->allow_nonref; - print $json->utf8(1)->pretty( ( $opt{'prettyjson'} ? 1 : 0 ) ) - ->encode( \%result ); - - if ( $opt{'outputfile'} ne 0 ) { - unlink $opt{'outputfile'} if ( -e $opt{'outputfile'} ); - open my $fh, q(>), $opt{'outputfile'} - or die -"Unable to open $opt{'outputfile'} in write mode. please check permissions for this file or directory"; - print $fh $json->utf8(1)->pretty( ( $opt{'prettyjson'} ? 1 : 0 ) ) - ->encode( \%result ); - close $fh; - } - } -} - -sub which { - my $prog_name = shift; - my $path_string = shift; - my @path_array = split /:/, $ENV{'PATH'}; - - for my $path (@path_array) { - return "$path/$prog_name" if ( -x "$path/$prog_name" ); - } - - return 0; -} - -# --------------------------------------------------------------------------- -# BEGIN 'MAIN' -# --------------------------------------------------------------------------- -headerprint; # Header Print - -validate_tuner_version; # Check last version -mysql_setup; # Gotta login first -debugprint "MySQL FINAL Client : $mysqlcmd $mysqllogin"; -debugprint "MySQL Admin FINAL Client : $mysqladmincmd $mysqllogin"; - -#exit(0); -os_setup; # Set up some OS variables -get_all_vars; # Toss variables/status into hashes -get_tuning_info; # Get information about the tuning connexion -validate_mysql_version; # Check current MySQL version - -check_architecture; # Suggest 64-bit upgrade -system_recommendations; # avoid to many service on the same host -log_file_recommendations; # check log file content -check_storage_engines; # Show enabled storage engines - -check_metadata_perf; # Show parameter impacting performance during analysis -mysql_databases; # Show informations about databases -mysql_tables; # Show informations about table column - -mysql_indexes; # Show informations about indexes -security_recommendations; # Display some security recommendations -cve_recommendations; # Display related CVE -calculations; # Calculate everything we need -mysql_stats; # Print the server stats -mysqsl_pfs; # Print Performance schema info -mariadb_threadpool; # Print MariaDB ThreadPool stats -mysql_myisam; # Print MyISAM stats -mysql_innodb; # Print InnoDB stats -mariadb_ariadb; # Print MariaDB AriaDB stats -mariadb_tokudb; # Print MariaDB Tokudb stats -mariadb_xtradb; # Print MariaDB XtraDB stats - -#mariadb_rockdb; # Print MariaDB RockDB stats -#mariadb_spider; # Print MariaDB Spider stats -#mariadb_connect; # Print MariaDB Connect stats -mariadb_galera; # Print MariaDB Galera Cluster stats -get_replication_status; # Print replication info -make_recommendations; # Make recommendations based on stats -dump_result; # Dump result if debug is on -close_outputfile; # Close reportfile if needed - -# --------------------------------------------------------------------------- -# END 'MAIN' -# --------------------------------------------------------------------------- -1; - -__END__ - -=pod - -=encoding UTF-8 - -=head1 NAME - - MySQLTuner 1.7.15 - MySQL High Performance Tuning Script - -=head1 IMPORTANT USAGE GUIDELINES - -To run the script with the default options, run the script without arguments -Allow MySQL server to run for at least 24-48 hours before trusting suggestions -Some routines may require root level privileges (script will provide warnings) -You must provide the remote server's total memory when connecting to other servers - -=head1 CONNECTION AND AUTHENTICATION - - --host Connect to a remote host to perform tests (default: localhost) - --socket Use a different socket for a local connection - --port Port to use for connection (default: 3306) - --user Username to use for authentication - --userenv Name of env variable which contains username to use for authentication - --pass Password to use for authentication - --passenv Name of env variable which contains password to use for authentication - --ssl-ca Path to public key - --mysqladmin Path to a custom mysqladmin executable - --mysqlcmd Path to a custom mysql executable - --defaults-file Path to a custom .my.cnf - -=head1 PERFORMANCE AND REPORTING OPTIONS - - --skipsize Don't enumerate tables and their types/sizes (default: on) - (Recommended for servers with many tables) - --skippassword Don't perform checks on user passwords(default: off) - --checkversion Check for updates to MySQLTuner (default: don't check) - --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check) - --forcemem Amount of RAM installed in megabytes - --forceswap Amount of swap memory configured in megabytes - --passwordfile Path to a password file list(one password by line) - -=head1 OUTPUT OPTIONS - - --silent Don't output anything on screen - --nogood Remove OK responses - --nobad Remove negative/suggestion responses - --noinfo Remove informational responses - --debug Print debug information - --noprocess Consider no other process is running - --dbstat Print database information - --nodbstat Don't Print database information - --tbstat Print table information - --notbstat Don't Print table information - --idxstat Print index information - --noidxstat Don't Print index information - --sysstat Print system information - --nosysstat Don't Print system information - --pfstat Print Performance schema - --nopfstat Don't Print Performance schema - --verbose Prints out all options (default: no verbose, dbstat, idxstat, sysstat, tbstat, pfstat) - --bannedports Ports banned separated by comma(,) - --maxportallowed Number of ports opened allowed on this hosts - --cvefile CVE File for vulnerability checks - --nocolor Don't print output in color - --json Print result as JSON string - --buffers Print global and per-thread buffer values - --outputfile Path to a output txt file - --reportfile Path to a report txt file - --template Path to a template file - - -=head1 PERLDOC - -You can find documentation for this module with the perldoc command. - - perldoc mysqltuner - -=head2 INTERNALS - -L - - Internal documentation - -=head1 AUTHORS - -Major Hayden - major@mhtx.net - -=head1 CONTRIBUTORS - -=over 4 - -=item * - -Matthew Montgomery - -=item * - -Paul Kehrer - -=item * - -Dave Burgess - -=item * - -Jonathan Hinds - -=item * - -Mike Jackson - -=item * - -Nils Breunese - -=item * - -Shawn Ashlee - -=item * - -Luuk Vosslamber - -=item * - -Ville Skytta - -=item * - -Trent Hornibrook - -=item * - -Jason Gill - -=item * - -Mark Imbriaco - -=item * - -Greg Eden - -=item * - -Aubin Galinotti - -=item * - -Giovanni Bechis - -=item * - -Bill Bradford - -=item * - -Ryan Novosielski - -=item * - -Michael Scheidell - -=item * - -Blair Christensen - -=item * - -Hans du Plooy - -=item * - -Victor Trac - -=item * - -Everett Barnes - -=item * - -Tom Krouper - -=item * - -Gary Barrueto - -=item * - -Simon Greenaway - -=item * - -Adam Stein - -=item * - -Isart Montane - -=item * - -Baptiste M. - -=item * - -Cole Turner - -=item * - -Major Hayden - -=item * - -Joe Ashcraft - -=item * - -Jean-Marie Renouard - -=item * - -Stephan GroBberndt - -=item * - -Christian Loos - -=back - -=head1 SUPPORT - - -Bug reports, feature requests, and downloads at http://mysqltuner.com/ - -Bug tracker can be found at https://github.com/major/MySQLTuner-perl/issues - -Maintained by Major Hayden (major\@mhtx.net) - Licensed under GPL - -=head1 SOURCE CODE - -L - - git clone https://github.com/major/MySQLTuner-perl.git - -=head1 COPYRIGHT AND LICENSE - -Copyright (C) 2006-2018 Major Hayden - major@mhtx.net - -For the latest updates, please visit http://mysqltuner.com/ - -Git repository available at https://github.com/major/MySQLTuner-perl - -This program is free software: you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation, either version 3 of the License, or -(at your option) any later version. - -This program is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - - See the GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with this program. If not, see . - -=cut - -# Local variables: -# indent-tabs-mode: t -# cperl-indent-level: 8 -# perl-indent-level: 8 -# End: +#!/usr/bin/env perl +# mysqltuner.pl - Version 1.7.15 +# High Performance MySQL Tuning Script +# Copyright (C) 2006-2018 Major Hayden - major@mhtx.net +# +# For the latest updates, please visit http://mysqltuner.com/ +# Git repository available at https://github.com/major/MySQLTuner-perl +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# This project would not be possible without help from: +# Matthew Montgomery Paul Kehrer Dave Burgess +# Jonathan Hinds Mike Jackson Nils Breunese +# Shawn Ashlee Luuk Vosslamber Ville Skytta +# Trent Hornibrook Jason Gill Mark Imbriaco +# Greg Eden Aubin Galinotti Giovanni Bechis +# Bill Bradford Ryan Novosielski Michael Scheidell +# Blair Christensen Hans du Plooy Victor Trac +# Everett Barnes Tom Krouper Gary Barrueto +# Simon Greenaway Adam Stein Isart Montane +# Baptiste M. Cole Turner Major Hayden +# Joe Ashcraft Jean-Marie Renouard Christian Loos +# Julien Francoz +# +# Inspired by Matthew Montgomery's tuning-primer.sh script: +# http://www.day32.com/MySQL/ +# +package main; + +use 5.005; +use strict; +use warnings; + +use diagnostics; +use File::Spec; +use Getopt::Long; +use Pod::Usage; +use File::Basename; +use Cwd 'abs_path'; + +use Data::Dumper; +$Data::Dumper::Pair = " : "; + +# for which() +#use Env; + +# Set up a few variables for use in the script +my $tunerversion = "1.7.15"; +my ( @adjvars, @generalrec ); + +# Set defaults +my %opt = ( + "silent" => 0, + "nobad" => 0, + "nogood" => 0, + "noinfo" => 0, + "debug" => 0, + "nocolor" => ( !-t STDOUT ), + "color" => 0, + "forcemem" => 0, + "forceswap" => 0, + "host" => 0, + "socket" => 0, + "port" => 0, + "user" => 0, + "pass" => 0, + "password" => 0, + "ssl-ca" => 0, + "skipsize" => 0, + "checkversion" => 0, + "updateversion" => 0, + "buffers" => 0, + "passwordfile" => 0, + "bannedports" => '', + "maxportallowed" => 0, + "outputfile" => 0, + "noprocess" => 0, + "dbstat" => 0, + "nodbstat" => 0, + "tbstat" => 0, + "notbstat" => 0, + "idxstat" => 0, + "noidxstat" => 0, + "sysstat" => 0, + "nosysstat" => 0, + "pfstat" => 0, + "nopfstat" => 0, + "skippassword" => 0, + "noask" => 0, + "template" => 0, + "json" => 0, + "prettyjson" => 0, + "reportfile" => 0, + "verbose" => 0, + "defaults-file" => '', +); + +# Gather the options from the command line +GetOptions( + \%opt, 'nobad', + 'nogood', 'noinfo', + 'debug', 'nocolor', + 'forcemem=i', 'forceswap=i', + 'host=s', 'socket=s', + 'port=i', 'user=s', + 'pass=s', 'skipsize', + 'checkversion', 'mysqladmin=s', + 'mysqlcmd=s', 'help', + 'buffers', 'skippassword', + 'passwordfile=s', 'outputfile=s', + 'silent', 'noask', + 'json', 'prettyjson', + 'template=s', 'reportfile=s', + 'cvefile=s', 'bannedports=s', + 'updateversion', 'maxportallowed=s', + 'verbose', 'password=s', + 'passenv=s', 'userenv=s', + 'defaults-file=s', 'ssl-ca=s', + 'color', 'noprocess', + 'dbstat', 'nodbstat', + 'tbstat', 'notbstat', + 'sysstat', 'nosysstat', + 'pfstat', 'nopfstat', + 'idxstat', 'noidxstat', + ) + or pod2usage( + -exitval => 1, + -verbose => 99, + -sections => [ + "NAME", + "IMPORTANT USAGE GUIDELINES", + "CONNECTION AND AUTHENTICATION", + "PERFORMANCE AND REPORTING OPTIONS", + "OUTPUT OPTIONS" + ] + ); + +if ( defined $opt{'help'} && $opt{'help'} == 1 ) { + pod2usage( + -exitval => 0, + -verbose => 99, + -sections => [ + "NAME", + "IMPORTANT USAGE GUIDELINES", + "CONNECTION AND AUTHENTICATION", + "PERFORMANCE AND REPORTING OPTIONS", + "OUTPUT OPTIONS" + ] + ); +} + +my $devnull = File::Spec->devnull(); +my $basic_password_files = + ( $opt{passwordfile} eq "0" ) + ? abs_path( dirname(__FILE__) ) . "/basic_passwords.txt" + : abs_path( $opt{passwordfile} ); + +# Username from envvar +if ( exists $opt{userenv} && exists $ENV{ $opt{userenv} } ) { + $opt{user} = $ENV{ $opt{userenv} }; +} + +# Related to password option +if ( exists $opt{passenv} && exists $ENV{ $opt{passenv} } ) { + $opt{pass} = $ENV{ $opt{passenv} }; +} +$opt{pass} = $opt{password} if ( $opt{pass} eq 0 and $opt{password} ne 0 ); + +# for RPM distributions +$basic_password_files = "/usr/share/mysqltuner/basic_passwords.txt" + unless -f "$basic_password_files"; + +# check if we need to enable verbose mode +if ( $opt{verbose} ) { + $opt{checkversion} = 1; #Check for updates to MySQLTuner + $opt{dbstat} = 1; #Print database information + $opt{tbstat} = 1; #Print database information + $opt{idxstat} = 1; #Print index information + $opt{sysstat} = 1; #Print index information + $opt{buffers} = 1; #Print global and per-thread buffer values + $opt{pfstat} = 1; #Print performance schema info. + $opt{cvefile} = 'vulnerabilities.csv'; #CVE File for vulnerability checks +} +$opt{nocolor} = 1 if defined( $opt{outputfile} ); +$opt{tbstat} = 0 if ( $opt{notbstat} == 1 ); # Don't Print table information +$opt{dbstat} = 0 if ( $opt{nodbstat} == 1 ); # Don't Print database information +$opt{noprocess} = 0 + if ( $opt{noprocess} == 1 ); # Don't Print process information +$opt{sysstat} = 0 if ( $opt{nosysstat} == 1 ); # Don't Print sysstat information +$opt{pfstat} = 0 + if ( $opt{nopfstat} == 1 ); # Don't Print performance schema information +$opt{idxstat} = 0 if ( $opt{noidxstat} == 1 ); # Don't Print index information + +# for RPM distributions +$opt{cvefile} = "/usr/share/mysqltuner/vulnerabilities.csv" + unless ( defined $opt{cvefile} and -f "$opt{cvefile}" ); +$opt{cvefile} = '' unless -f "$opt{cvefile}"; +$opt{cvefile} = './vulnerabilities.csv' if -f './vulnerabilities.csv'; + +$opt{'bannedports'} = '' unless defined( $opt{'bannedports'} ); +my @banned_ports = split ',', $opt{'bannedports'}; + +# +my $outputfile = undef; +$outputfile = abs_path( $opt{outputfile} ) unless $opt{outputfile} eq "0"; + +my $fh = undef; +open( $fh, '>', $outputfile ) + or die("Fail opening $outputfile") + if defined($outputfile); +$opt{nocolor} = 1 if defined($outputfile); +$opt{nocolor} = 1 unless ( -t STDOUT ); + +$opt{nocolor} = 0 if ( $opt{color} == 1 ); + +# Setting up the colors for the print styles +my $me = `whoami`; +$me =~ s/\n//g; + +# Setting up the colors for the print styles +my $good = ( $opt{nocolor} == 0 ) ? "[\e[0;32mOK\e[0m]" : "[OK]"; +my $bad = ( $opt{nocolor} == 0 ) ? "[\e[0;31m!!\e[0m]" : "[!!]"; +my $info = ( $opt{nocolor} == 0 ) ? "[\e[0;34m--\e[0m]" : "[--]"; +my $deb = ( $opt{nocolor} == 0 ) ? "[\e[0;31mDG\e[0m]" : "[DG]"; +my $cmd = ( $opt{nocolor} == 0 ) ? "\e[1;32m[CMD]($me)" : "[CMD]($me)"; +my $end = ( $opt{nocolor} == 0 ) ? "\e[0m" : ""; + +# Checks for supported or EOL'ed MySQL versions +my ( $mysqlvermajor, $mysqlverminor, $mysqlvermicro ); + +# Super structure containing all information +my %result; +$result{'MySQLTuner'}{'version'} = $tunerversion; +$result{'MySQLTuner'}{'options'} = \%opt; + +# Functions that handle the print styles +sub prettyprint { + print $_[0] . "\n" unless ( $opt{'silent'} or $opt{'json'} ); + print $fh $_[0] . "\n" if defined($fh); +} +sub goodprint { prettyprint $good. " " . $_[0] unless ( $opt{nogood} == 1 ); } +sub infoprint { prettyprint $info. " " . $_[0] unless ( $opt{noinfo} == 1 ); } +sub badprint { prettyprint $bad. " " . $_[0] unless ( $opt{nobad} == 1 ); } +sub debugprint { prettyprint $deb. " " . $_[0] unless ( $opt{debug} == 0 ); } + +sub redwrap { + return ( $opt{nocolor} == 0 ) ? "\e[0;31m" . $_[0] . "\e[0m" : $_[0]; +} + +sub greenwrap { + return ( $opt{nocolor} == 0 ) ? "\e[0;32m" . $_[0] . "\e[0m" : $_[0]; +} +sub cmdprint { prettyprint $cmd. " " . $_[0] . $end; } + +sub infoprintml { + for my $ln (@_) { $ln =~ s/\n//g; infoprint "\t$ln"; } +} + +sub infoprintcmd { + cmdprint "@_"; + infoprintml grep { $_ ne '' and $_ !~ /^\s*$/ } `@_ 2>&1`; +} + +sub subheaderprint { + my $tln = 100; + my $sln = 8; + my $ln = length("@_") + 2; + + prettyprint " "; + prettyprint "-" x $sln . " @_ " . "-" x ( $tln - $ln - $sln ); +} + +sub infoprinthcmd { + subheaderprint "$_[0]"; + infoprintcmd "$_[1]"; +} + +# Calculates the number of physical cores considering HyperThreading +sub cpu_cores { + my $cntCPU = +`awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`; + return ( $cntCPU == 0 ? `nproc` : $cntCPU ); +} + +# Calculates the parameter passed in bytes, then rounds it to one decimal place +sub hr_bytes { + my $num = shift; + return "0B" unless defined($num); + return "0B" if $num eq "NULL"; + + if ( $num >= ( 1024**3 ) ) { #GB + return sprintf( "%.1f", ( $num / ( 1024**3 ) ) ) . "G"; + } + elsif ( $num >= ( 1024**2 ) ) { #MB + return sprintf( "%.1f", ( $num / ( 1024**2 ) ) ) . "M"; + } + elsif ( $num >= 1024 ) { #KB + return sprintf( "%.1f", ( $num / 1024 ) ) . "K"; + } + else { + return $num . "B"; + } +} + +sub hr_raw { + my $num = shift; + return "0" unless defined($num); + return "0" if $num eq "NULL"; + if ( $num =~ /^(\d+)G$/ ) { + return $1 * 1024 * 1024 * 1024; + } + if ( $num =~ /^(\d+)M$/ ) { + return $1 * 1024 * 1024; + } + if ( $num =~ /^(\d+)K$/ ) { + return $1 * 1024; + } + if ( $num =~ /^(\d+)$/ ) { + return $1; + } + return $num; +} + +# Calculates the parameter passed in bytes, then rounds it to the nearest integer +sub hr_bytes_rnd { + my $num = shift; + return "0B" unless defined($num); + return "0B" if $num eq "NULL"; + + if ( $num >= ( 1024**3 ) ) { #GB + return int( ( $num / ( 1024**3 ) ) ) . "G"; + } + elsif ( $num >= ( 1024**2 ) ) { #MB + return int( ( $num / ( 1024**2 ) ) ) . "M"; + } + elsif ( $num >= 1024 ) { #KB + return int( ( $num / 1024 ) ) . "K"; + } + else { + return $num . "B"; + } +} + +# Calculates the parameter passed to the nearest power of 1000, then rounds it to the nearest integer +sub hr_num { + my $num = shift; + if ( $num >= ( 1000**3 ) ) { # Billions + return int( ( $num / ( 1000**3 ) ) ) . "B"; + } + elsif ( $num >= ( 1000**2 ) ) { # Millions + return int( ( $num / ( 1000**2 ) ) ) . "M"; + } + elsif ( $num >= 1000 ) { # Thousands + return int( ( $num / 1000 ) ) . "K"; + } + else { + return $num; + } +} + +# Calculate Percentage +sub percentage { + my $value = shift; + my $total = shift; + $total = 0 unless defined $total; + $total = 0 if $total eq "NULL"; + return 100, 00 if $total == 0; + return sprintf( "%.2f", ( $value * 100 / $total ) ); +} + +# Calculates uptime to display in a more attractive form +sub pretty_uptime { + my $uptime = shift; + my $seconds = $uptime % 60; + my $minutes = int( ( $uptime % 3600 ) / 60 ); + my $hours = int( ( $uptime % 86400 ) / (3600) ); + my $days = int( $uptime / (86400) ); + my $uptimestring; + if ( $days > 0 ) { + $uptimestring = "${days}d ${hours}h ${minutes}m ${seconds}s"; + } + elsif ( $hours > 0 ) { + $uptimestring = "${hours}h ${minutes}m ${seconds}s"; + } + elsif ( $minutes > 0 ) { + $uptimestring = "${minutes}m ${seconds}s"; + } + else { + $uptimestring = "${seconds}s"; + } + return $uptimestring; +} + +# Retrieves the memory installed on this machine +my ( $physical_memory, $swap_memory, $duflags ); + +sub memerror { + badprint +"Unable to determine total memory/swap; use '--forcemem' and '--forceswap'"; + exit 1; +} + +sub os_setup { + my $os = `uname`; + $duflags = ( $os =~ /Linux/ ) ? '-b' : ''; + if ( $opt{'forcemem'} > 0 ) { + $physical_memory = $opt{'forcemem'} * 1048576; + infoprint "Assuming $opt{'forcemem'} MB of physical memory"; + if ( $opt{'forceswap'} > 0 ) { + $swap_memory = $opt{'forceswap'} * 1048576; + infoprint "Assuming $opt{'forceswap'} MB of swap space"; + } + else { + $swap_memory = 0; + badprint "Assuming 0 MB of swap space (use --forceswap to specify)"; + } + } + else { + if ( $os =~ /Linux|CYGWIN/ ) { + $physical_memory = + `grep -i memtotal: /proc/meminfo | awk '{print \$2}'` + or memerror; + $physical_memory *= 1024; + + $swap_memory = + `grep -i swaptotal: /proc/meminfo | awk '{print \$2}'` + or memerror; + $swap_memory *= 1024; + } + elsif ( $os =~ /Darwin/ ) { + $physical_memory = `sysctl -n hw.memsize` or memerror; + $swap_memory = + `sysctl -n vm.swapusage | awk '{print \$3}' | sed 's/\..*\$//'` + or memerror; + } + elsif ( $os =~ /NetBSD|OpenBSD|FreeBSD/ ) { + $physical_memory = `sysctl -n hw.physmem` or memerror; + if ( $physical_memory < 0 ) { + $physical_memory = `sysctl -n hw.physmem64` or memerror; + } + $swap_memory = + `swapctl -l | grep '^/' | awk '{ s+= \$2 } END { print s }'` + or memerror; + } + elsif ( $os =~ /BSD/ ) { + $physical_memory = `sysctl -n hw.realmem` or memerror; + $swap_memory = + `swapinfo | grep '^/' | awk '{ s+= \$2 } END { print s }'`; + } + elsif ( $os =~ /SunOS/ ) { + $physical_memory = + `/usr/sbin/prtconf | grep Memory | cut -f 3 -d ' '` + or memerror; + chomp($physical_memory); + $physical_memory = $physical_memory * 1024 * 1024; + } + elsif ( $os =~ /AIX/ ) { + $physical_memory = + `lsattr -El sys0 | grep realmem | awk '{print \$2}'` + or memerror; + chomp($physical_memory); + $physical_memory = $physical_memory * 1024; + $swap_memory = `lsps -as | awk -F"(MB| +)" '/MB /{print \$2}'` + or memerror; + chomp($swap_memory); + $swap_memory = $swap_memory * 1024 * 1024; + } + elsif ( $os =~ /windows/i ) { + $physical_memory = +`wmic ComputerSystem get TotalPhysicalMemory | perl -ne "chomp; print if /[0-9]+/;"` + or memerror; + $swap_memory = +`wmic OS get FreeVirtualMemory | perl -ne "chomp; print if /[0-9]+/;"` + or memerror; + } + } + debugprint "Physical Memory: $physical_memory"; + debugprint "Swap Memory: $swap_memory"; + chomp($physical_memory); + chomp($swap_memory); + chomp($os); + $result{'OS'}{'OS Type'} = $os; + $result{'OS'}{'Physical Memory'}{'bytes'} = $physical_memory; + $result{'OS'}{'Physical Memory'}{'pretty'} = hr_bytes($physical_memory); + $result{'OS'}{'Swap Memory'}{'bytes'} = $swap_memory; + $result{'OS'}{'Swap Memory'}{'pretty'} = hr_bytes($swap_memory); + $result{'OS'}{'Other Processes'}{'bytes'} = get_other_process_memory(); + $result{'OS'}{'Other Processes'}{'pretty'} = + hr_bytes( get_other_process_memory() ); +} + +sub get_http_cli { + my $httpcli = which( "curl", $ENV{'PATH'} ); + chomp($httpcli); + if ($httpcli) { + return $httpcli; + } + + $httpcli = which( "wget", $ENV{'PATH'} ); + chomp($httpcli); + if ($httpcli) { + return $httpcli; + } + return ""; +} + +# Checks for updates to MySQLTuner +sub validate_tuner_version { + if ( $opt{'checkversion'} eq 0 and $opt{'updateversion'} eq 0 ) { + print "\n" unless ( $opt{'silent'} or $opt{'json'} ); + infoprint "Skipped version check for MySQLTuner script"; + return; + } + + my $update; + my $url = +"https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; + my $httpcli = get_http_cli(); + if ( $httpcli =~ /curl$/ ) { + debugprint "$httpcli is available."; + + debugprint +"$httpcli -m 3 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2"; + $update = +`$httpcli -m 3 -silent '$url' 2>/dev/null | grep 'my \$tunerversion'| cut -d\\\" -f2`; + chomp($update); + debugprint "VERSION: $update"; + + compare_tuner_version($update); + return; + } + + if ( $httpcli =~ /wget$/ ) { + debugprint "$httpcli is available."; + + debugprint +"$httpcli -e timestamping=off -t 1 -T 3 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2"; + $update = +`$httpcli -e timestamping=off -t 1 -T 3 -O - '$url' 2>$devnull| grep 'my \$tunerversion'| cut -d\\\" -f2`; + chomp($update); + compare_tuner_version($update); + return; + } + debugprint "curl and wget are not available."; + infoprint "Unable to check for the latest MySQLTuner version"; + infoprint +"Using --pass and --password option is insecure during MySQLTuner execution(Password disclosure)" + if ( defined( $opt{'pass'} ) ); +} + +# Checks for updates to MySQLTuner +sub update_tuner_version { + if ( $opt{'updateversion'} eq 0 ) { + badprint "Skipped version update for MySQLTuner script"; + print "\n" unless ( $opt{'silent'} or $opt{'json'} ); + return; + } + + my $update; + my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/"; + my @scripts = + ( "mysqltuner.pl", "basic_passwords.txt", "vulnerabilities.csv" ); + my $totalScripts = scalar(@scripts); + my $receivedScripts = 0; + my $httpcli = get_http_cli(); + + foreach my $script (@scripts) { + + if ( $httpcli =~ /curl$/ ) { + debugprint "$httpcli is available."; + + debugprint + "$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $script"; + $update = + `$httpcli --connect-timeout 3 '$url$script' 2>$devnull > $script`; + chomp($update); + debugprint "$script updated: $update"; + + if ( -s $script eq 0 ) { + badprint "Couldn't update $script"; + } + else { + ++$receivedScripts; + debugprint "$script updated: $update"; + } + } + elsif ( $httpcli =~ /wget$/ ) { + + debugprint "$httpcli is available."; + + debugprint +"$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'"; + $update = +`$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`; + chomp($update); + + if ( -s $script eq 0 ) { + badprint "Couldn't update $script"; + } + else { + ++$receivedScripts; + debugprint "$script updated: $update"; + } + } + else { + debugprint "curl and wget are not available."; + infoprint "Unable to check for the latest MySQLTuner version"; + } + + } + + if ( $receivedScripts eq $totalScripts ) { + goodprint "Successfully updated MySQLTuner script"; + } + else { + badprint "Couldn't update MySQLTuner script"; + } + + #exit 0; +} + +sub compare_tuner_version { + my $remoteversion = shift; + debugprint "Remote data: $remoteversion"; + + #exit 0; + if ( $remoteversion ne $tunerversion ) { + badprint + "There is a new version of MySQLTuner available($remoteversion)"; + update_tuner_version(); + return; + } + goodprint "You have the latest version of MySQLTuner($tunerversion)"; + return; +} + +# Checks to see if a MySQL login is possible +my ( $mysqllogin, $doremote, $remotestring, $mysqlcmd, $mysqladmincmd ); + +my $osname = $^O; +if ( $osname eq 'MSWin32' ) { + eval { require Win32; } or last; + $osname = Win32::GetOSName(); + infoprint "* Windows OS($osname) is not fully supported.\n"; + + #exit 1; +} + +sub mysql_setup { + $doremote = 0; + $remotestring = ''; + if ( $opt{mysqladmin} ) { + $mysqladmincmd = $opt{mysqladmin}; + } + else { + $mysqladmincmd = which( "mysqladmin", $ENV{'PATH'} ); + } + chomp($mysqladmincmd); + if ( !-e $mysqladmincmd && $opt{mysqladmin} ) { + badprint "Unable to find the mysqladmin command you specified: " + . $mysqladmincmd . ""; + exit 1; + } + elsif ( !-e $mysqladmincmd ) { + badprint "Couldn't find mysqladmin in your \$PATH. Is MySQL installed?"; + exit 1; + } + if ( $opt{mysqlcmd} ) { + $mysqlcmd = $opt{mysqlcmd}; + } + else { + $mysqlcmd = which( "mysql", $ENV{'PATH'} ); + } + chomp($mysqlcmd); + if ( !-e $mysqlcmd && $opt{mysqlcmd} ) { + badprint "Unable to find the mysql command you specified: " + . $mysqlcmd . ""; + exit 1; + } + elsif ( !-e $mysqlcmd ) { + badprint "Couldn't find mysql in your \$PATH. Is MySQL installed?"; + exit 1; + } + $mysqlcmd =~ s/\n$//g; + my $mysqlclidefaults = `$mysqlcmd --print-defaults`; + debugprint "MySQL Client: $mysqlclidefaults"; + if ( $mysqlclidefaults =~ /auto-vertical-output/ ) { + badprint + "Avoid auto-vertical-output in configuration file(s) for MySQL like"; + exit 1; + } + + debugprint "MySQL Client: $mysqlcmd"; + + $opt{port} = ( $opt{port} eq 0 ) ? 3306 : $opt{port}; + + # Are we being asked to connect via a socket? + if ( $opt{socket} ne 0 ) { + $remotestring = " -S $opt{socket} -P $opt{port}"; + } + + # Are we being asked to connect to a remote server? + if ( $opt{host} ne 0 ) { + chomp( $opt{host} ); + +# If we're doing a remote connection, but forcemem wasn't specified, we need to exit + if ( $opt{'forcemem'} eq 0 + && ( $opt{host} ne "127.0.0.1" ) + && ( $opt{host} ne "localhost" ) ) + { + badprint "The --forcemem option is required for remote connections"; + exit 1; + } + infoprint "Performing tests on $opt{host}:$opt{port}"; + $remotestring = " -h $opt{host} -P $opt{port}"; + if ( ( $opt{host} ne "127.0.0.1" ) && ( $opt{host} ne "localhost" ) ) { + $doremote = 1; + } + } + else { + $opt{host} = '127.0.0.1'; + } + + if ( $opt{'ssl-ca'} ne 0 ) { + if ( -e -r -f $opt{'ssl-ca'} ) { + $remotestring .= " --ssl-ca=$opt{'ssl-ca'}"; + infoprint + "Will connect using ssl public key passed on the command line"; + return 1; + } + else { + badprint +"Attempted to use passed ssl public key, but it was not found or could not be read"; + exit 1; + } + } + + # Did we already get a username without password on the command line? + if ( $opt{user} ne 0 and $opt{pass} eq 0 ) { + $mysqllogin = "-u $opt{user} " . $remotestring; + my $loginstatus = `$mysqladmincmd ping $mysqllogin 2>&1`; + if ( $loginstatus =~ /mysqld is alive/ ) { + goodprint "Logged in using credentials passed on the command line"; + return 1; + } + else { + badprint + "Attempted to use login credentials, but they were invalid"; + exit 1; + } + } + + # Did we already get a username and password passed on the command line? + if ( $opt{user} ne 0 and $opt{pass} ne 0 ) { + $mysqllogin = "-u $opt{user} -p'$opt{pass}'" . $remotestring; + my $loginstatus = `$mysqladmincmd ping $mysqllogin 2>&1`; + if ( $loginstatus =~ /mysqld is alive/ ) { + goodprint "Logged in using credentials passed on the command line"; + return 1; + } + else { + badprint + "Attempted to use login credentials, but they were invalid"; + exit 1; + } + } + my $svcprop = which( "svcprop", $ENV{'PATH'} ); + if ( substr( $svcprop, 0, 1 ) =~ "/" ) { + + # We are on solaris + ( my $mysql_login = +`svcprop -p quickbackup/username svc:/network/mysql-quickbackup:default` + ) =~ s/\s+$//; + ( my $mysql_pass = +`svcprop -p quickbackup/password svc:/network/mysql-quickbackup:default` + ) =~ s/\s+$//; + if ( substr( $mysql_login, 0, 7 ) ne "svcprop" ) { + + # mysql-quickbackup is installed + $mysqllogin = "-u $mysql_login -p$mysql_pass"; + my $loginstatus = `mysqladmin $mysqllogin ping 2>&1`; + if ( $loginstatus =~ /mysqld is alive/ ) { + goodprint "Logged in using credentials from mysql-quickbackup."; + return 1; + } + else { + badprint +"Attempted to use login credentials from mysql-quickbackup, but they failed."; + exit 1; + } + } + } + elsif ( -r "/etc/psa/.psa.shadow" and $doremote == 0 ) { + + # It's a Plesk box, use the available credentials + $mysqllogin = "-u admin -p`cat /etc/psa/.psa.shadow`"; + my $loginstatus = `$mysqladmincmd ping $mysqllogin 2>&1`; + unless ( $loginstatus =~ /mysqld is alive/ ) { + + # Plesk 10+ + $mysqllogin = + "-u admin -p`/usr/local/psa/bin/admin --show-password`"; + $loginstatus = `$mysqladmincmd ping $mysqllogin 2>&1`; + unless ( $loginstatus =~ /mysqld is alive/ ) { + badprint +"Attempted to use login credentials from Plesk and Plesk 10+, but they failed."; + exit 1; + } + } + } + elsif ( -r "/usr/local/directadmin/conf/mysql.conf" and $doremote == 0 ) { + + # It's a DirectAdmin box, use the available credentials + my $mysqluser = + `cat /usr/local/directadmin/conf/mysql.conf | egrep '^user=.*'`; + my $mysqlpass = + `cat /usr/local/directadmin/conf/mysql.conf | egrep '^passwd=.*'`; + + $mysqluser =~ s/user=//; + $mysqluser =~ s/[\r\n]//; + $mysqlpass =~ s/passwd=//; + $mysqlpass =~ s/[\r\n]//; + + $mysqllogin = "-u $mysqluser -p$mysqlpass"; + + my $loginstatus = `mysqladmin ping $mysqllogin 2>&1`; + unless ( $loginstatus =~ /mysqld is alive/ ) { + badprint +"Attempted to use login credentials from DirectAdmin, but they failed."; + exit 1; + } + } + elsif ( -r "/etc/mysql/debian.cnf" + and $doremote == 0 + and $opt{'defaults-file'} eq '' ) + { + + # We have a Debian maintenance account, use it + $mysqllogin = "--defaults-file=/etc/mysql/debian.cnf"; + my $loginstatus = `$mysqladmincmd $mysqllogin ping 2>&1`; + if ( $loginstatus =~ /mysqld is alive/ ) { + goodprint + "Logged in using credentials from Debian maintenance account."; + return 1; + } + else { + badprint +"Attempted to use login credentials from Debian maintenance account, but they failed."; + exit 1; + } + } + elsif ( $opt{'defaults-file'} ne '' and -r "$opt{'defaults-file'}" ) { + + # defaults-file + debugprint "defaults file detected: $opt{'defaults-file'}"; + my $mysqlclidefaults = `$mysqlcmd --print-defaults`; + debugprint "MySQL Client Default File: $opt{'defaults-file'}"; + + $mysqllogin = "--defaults-file=" . $opt{'defaults-file'}; + my $loginstatus = `$mysqladmincmd $mysqllogin ping 2>&1`; + if ( $loginstatus =~ /mysqld is alive/ ) { + goodprint "Logged in using credentials from defaults file account."; + return 1; + } + } + else { + + # It's not Plesk or Debian, we should try a login + debugprint "$mysqladmincmd $remotestring ping 2>&1"; + my $loginstatus = `$mysqladmincmd $remotestring ping 2>&1`; + if ( $loginstatus =~ /mysqld is alive/ ) { + + # Login went just fine + $mysqllogin = " $remotestring "; + + # Did this go well because of a .my.cnf file or is there no password set? + my $userpath = `printenv HOME`; + if ( length($userpath) > 0 ) { + chomp($userpath); + } + unless ( -e "${userpath}/.my.cnf" or -e "${userpath}/.mylogin.cnf" ) + { + badprint +"Successfully authenticated with no password - SECURITY RISK!"; + } + return 1; + } + else { + if ( $opt{'noask'} == 1 ) { + badprint + "Attempted to use login credentials, but they were invalid"; + exit 1; + } + my ( $name, $password ); + + # If --user is defined no need to ask for username + if ( $opt{user} ne 0 ) { + $name = $opt{user}; + } + else { + print STDERR "Please enter your MySQL administrative login: "; + $name = ; + } + + # If --pass is defined no need to ask for password + if ( $opt{pass} ne 0 ) { + $password = $opt{pass}; + } + else { + print STDERR + "Please enter your MySQL administrative password: "; + system("stty -echo >$devnull 2>&1"); + $password = ; + system("stty echo >$devnull 2>&1"); + } + chomp($password); + chomp($name); + $mysqllogin = "-u $name"; + + if ( length($password) > 0 ) { + $mysqllogin .= " -p'$password'"; + } + $mysqllogin .= $remotestring; + my $loginstatus = `$mysqladmincmd ping $mysqllogin 2>&1`; + if ( $loginstatus =~ /mysqld is alive/ ) { + print STDERR ""; + if ( !length($password) ) { + + # Did this go well because of a .my.cnf file or is there no password set? + my $userpath = `printenv HOME`; + chomp($userpath); + unless ( -e "$userpath/.my.cnf" ) { + badprint +"Successfully authenticated with no password - SECURITY RISK!"; + } + } + return 1; + } + else { + badprint + "Attempted to use login credentials, but they were invalid."; + exit 1; + } + exit 1; + } + } + +} + +# MySQL Request Array +sub select_array { + my $req = shift; + debugprint "PERFORM: $req "; + my @result = `$mysqlcmd $mysqllogin -Bse "\\w$req" 2>>/dev/null`; + if ( $? != 0 ) { + badprint "failed to execute: $req"; + badprint "FAIL Execute SQL / return code: $?"; + debugprint "CMD : $mysqlcmd"; + debugprint "OPTIONS: $mysqllogin"; + debugprint `$mysqlcmd $mysqllogin -Bse "$req" 2>&1`; + + #exit $?; + } + debugprint "select_array: return code : $?"; + chomp(@result); + return @result; +} + +sub human_size { + my ( $size, $n ) = ( shift, 0 ); + ++$n and $size /= 1024 until $size < 1024; + return sprintf "%.2f %s", $size, (qw[ bytes KB MB GB ])[$n]; +} + +# MySQL Request one +sub select_one { + my $req = shift; + debugprint "PERFORM: $req "; + my $result = `$mysqlcmd $mysqllogin -Bse "\\w$req" 2>>/dev/null`; + if ( $? != 0 ) { + badprint "failed to execute: $req"; + badprint "FAIL Execute SQL / return code: $?"; + debugprint "CMD : $mysqlcmd"; + debugprint "OPTIONS: $mysqllogin"; + debugprint `$mysqlcmd $mysqllogin -Bse "$req" 2>&1`; + + #exit $?; + } + debugprint "select_array: return code : $?"; + chomp($result); + return $result; +} + +# MySQL Request one +sub select_one_g { + my $pattern = shift; + + my $req = shift; + debugprint "PERFORM: $req "; + my @result = `$mysqlcmd $mysqllogin -re "\\w$req\\G" 2>>/dev/null`; + if ( $? != 0 ) { + badprint "failed to execute: $req"; + badprint "FAIL Execute SQL / return code: $?"; + debugprint "CMD : $mysqlcmd"; + debugprint "OPTIONS: $mysqllogin"; + debugprint `$mysqlcmd $mysqllogin -Bse "$req" 2>&1`; + + #exit $?; + } + debugprint "select_array: return code : $?"; + chomp(@result); + return ( grep { /$pattern/ } @result )[0]; +} + +sub select_str_g { + my $pattern = shift; + + my $req = shift; + my $str = select_one_g $pattern, $req; + return () unless defined $str; + my @val = split /:/, $str; + shift @val; + return trim(@val); +} + +sub get_tuning_info { + my @infoconn = select_array "\\s"; + my ( $tkey, $tval ); + @infoconn = + grep { !/Threads:/ and !/Connection id:/ and !/pager:/ and !/Using/ } + @infoconn; + foreach my $line (@infoconn) { + if ( $line =~ /\s*(.*):\s*(.*)/ ) { + debugprint "$1 => $2"; + $tkey = $1; + $tval = $2; + chomp($tkey); + chomp($tval); + $result{'MySQL Client'}{$tkey} = $tval; + } + } + $result{'MySQL Client'}{'Client Path'} = $mysqlcmd; + $result{'MySQL Client'}{'Admin Path'} = $mysqladmincmd; + $result{'MySQL Client'}{'Authentication Info'} = $mysqllogin; + +} + +# Populates all of the variable and status hashes +my ( %mystat, %myvar, $dummyselect, %myrepl, %myslaves ); + +sub arr2hash { + my $href = shift; + my $harr = shift; + my $sep = shift; + $sep = '\s' unless defined($sep); + foreach my $line (@$harr) { + next if ( $line =~ m/^\*\*\*\*\*\*\*/ ); + $line =~ /([a-zA-Z_]*)\s*$sep\s*(.*)/; + $$href{$1} = $2; + debugprint "V: $1 = $2"; + } +} + +sub get_all_vars { + + # We need to initiate at least one query so that our data is useable + $dummyselect = select_one "SELECT VERSION()"; + if ( not defined($dummyselect) or $dummyselect eq "" ) { + badprint +"You probably did not get enough privileges for running MySQLTuner ..."; + exit(256); + } + $dummyselect =~ s/(.*?)\-.*/$1/; + debugprint "VERSION: " . $dummyselect . ""; + $result{'MySQL Client'}{'Version'} = $dummyselect; + + my @mysqlvarlist = select_array("SHOW VARIABLES"); + push( @mysqlvarlist, select_array("SHOW GLOBAL VARIABLES") ); + arr2hash( \%myvar, \@mysqlvarlist ); + $result{'Variables'} = \%myvar; + + my @mysqlstatlist = select_array("SHOW STATUS"); + push( @mysqlstatlist, select_array("SHOW GLOBAL STATUS") ); + arr2hash( \%mystat, \@mysqlstatlist ); + $result{'Status'} = \%mystat; + unless ( defined( $myvar{'innodb_support_xa'} ) ) { + $myvar{'innodb_support_xa'} = 'ON'; + } + $mystat{'Uptime'} = 1 + unless defined( $mystat{'Uptime'} ) + and $mystat{'Uptime'} > 0; + $myvar{'have_galera'} = "NO"; + if ( defined( $myvar{'wsrep_provider_options'} ) + && $myvar{'wsrep_provider_options'} ne "" + && $myvar{'wsrep_on'} ne "OFF" ) + { + $myvar{'have_galera'} = "YES"; + debugprint "Galera options: " . $myvar{'wsrep_provider_options'}; + } + + # Workaround for MySQL bug #59393 wrt. ignore-builtin-innodb + if ( ( $myvar{'ignore_builtin_innodb'} || "" ) eq "ON" ) { + $myvar{'have_innodb'} = "NO"; + } + + # Support GTID MODE FOR MARIADB + # Issue MariaDB GTID mode #272 + $myvar{'gtid_mode'} = $myvar{'gtid_strict_mode'} + if ( defined( $myvar{'gtid_strict_mode'} ) ); + + $myvar{'have_threadpool'} = "NO"; + if ( defined( $myvar{'thread_pool_size'} ) + and $myvar{'thread_pool_size'} > 0 ) + { + $myvar{'have_threadpool'} = "YES"; + } + + # have_* for engines is deprecated and will be removed in MySQL 5.6; + # check SHOW ENGINES and set corresponding old style variables. + # Also works around MySQL bug #59393 wrt. skip-innodb + my @mysqlenginelist = select_array "SHOW ENGINES"; + foreach my $line (@mysqlenginelist) { + if ( $line =~ /^([a-zA-Z_]+)\s+(\S+)/ ) { + my $engine = lc($1); + + if ( $engine eq "federated" || $engine eq "blackhole" ) { + $engine .= "_engine"; + } + elsif ( $engine eq "berkeleydb" ) { + $engine = "bdb"; + } + my $val = ( $2 eq "DEFAULT" ) ? "YES" : $2; + $myvar{"have_$engine"} = $val; + $result{'Storage Engines'}{$engine} = $2; + } + } + debugprint Dumper(@mysqlenginelist); + my @mysqlslave = select_array("SHOW SLAVE STATUS\\G"); + arr2hash( \%myrepl, \@mysqlslave, ':' ); + $result{'Replication'}{'Status'} = \%myrepl; + my @mysqlslaves = select_array "SHOW SLAVE HOSTS"; + my @lineitems = (); + foreach my $line (@mysqlslaves) { + debugprint "L: $line "; + @lineitems = split /\s+/, $line; + $myslaves{ $lineitems[0] } = $line; + $result{'Replication'}{'Slaves'}{ $lineitems[0] } = $lineitems[4]; + } +} + +sub remove_cr { + return map { + my $line = $_; + $line =~ s/\n$//g; + $line =~ s/^\s+$//g; + $line; + } @_; +} + +sub remove_empty { + grep { $_ ne '' } @_; +} + +sub grep_file_contents { + my $file = shift; + my $patt; +} + +sub get_file_contents { + my $file = shift; + open( my $fh, "<", $file ) or die "Can't open $file for read: $!"; + my @lines = <$fh>; + close $fh or die "Cannot close $file: $!"; + @lines = remove_cr @lines; + return @lines; +} + +sub get_basic_passwords { + return get_file_contents(shift); +} + +sub get_log_file_real_path { + my $file = shift; + my $hostname = shift; + my $datadir = shift; + if ( -f "$file" ) { + return $file; + } + elsif ( -f "$hostname.err" ) { + return "$hostname.err"; + } + elsif ( $datadir ne "" ) { + return "$datadir$hostname.err"; + } + else { + return $file; + } +} + +sub log_file_recommendations { + $myvar{'log_error'} = + get_log_file_real_path( $myvar{'log_error'}, $myvar{'hostname'}, + $myvar{'datadir'} ); + subheaderprint "Log file Recommendations"; + infoprint "Log file: " + . $myvar{'log_error'} . "(" + . hr_bytes_rnd( ( stat $myvar{'log_error'} )[7] ) . ")"; + if ( -f "$myvar{'log_error'}" ) { + goodprint "Log file $myvar{'log_error'} exists"; + } + else { + badprint "Log file $myvar{'log_error'} doesn't exist"; + } + if ( -r "$myvar{'log_error'}" ) { + goodprint "Log file $myvar{'log_error'} is readable."; + } + else { + badprint "Log file $myvar{'log_error'} isn't readable."; + return; + } + if ( ( stat $myvar{'log_error'} )[7] > 0 ) { + goodprint "Log file $myvar{'log_error'} is not empty"; + } + else { + badprint "Log file $myvar{'log_error'} is empty"; + } + + if ( ( stat $myvar{'log_error'} )[7] < 32 * 1024 * 1024 ) { + goodprint "Log file $myvar{'log_error'} is smaller than 32 Mb"; + } + else { + badprint "Log file $myvar{'log_error'} is bigger than 32 Mb"; + push @generalrec, + $myvar{'log_error'} + . " is > 32Mb, you should analyze why or implement a rotation log strategy such as logrotate!"; + } + + my $numLi = 0; + my $nbWarnLog = 0; + my $nbErrLog = 0; + my @lastShutdowns; + my @lastStarts; + + open( my $fh, '<', $myvar{'log_error'} ) + or die "Can't open $myvar{'log_error'} for read: $!"; + + while ( my $logLi = <$fh> ) { + chomp $logLi; + $numLi++; + debugprint "$numLi: $logLi" if $logLi =~ /warning|error/i; + $nbErrLog++ if $logLi =~ /error/i; + $nbWarnLog++ if $logLi =~ /warning/i; + push @lastShutdowns, $logLi + if $logLi =~ /Shutdown complete/ and $logLi !~ /Innodb/i; + push @lastStarts, $logLi if $logLi =~ /ready for connections/; + } + close $fh; + + if ( $nbWarnLog > 0 ) { + badprint "$myvar{'log_error'} contains $nbWarnLog warning(s)."; + push @generalrec, + "Control warning line(s) into $myvar{'log_error'} file"; + } + else { + goodprint "$myvar{'log_error'} doesn't contain any warning."; + } + if ( $nbErrLog > 0 ) { + badprint "$myvar{'log_error'} contains $nbErrLog error(s)."; + push @generalrec, "Control error line(s) into $myvar{'log_error'} file"; + } + else { + goodprint "$myvar{'log_error'} doesn't contain any error."; + } + + infoprint scalar @lastStarts . " start(s) detected in $myvar{'log_error'}"; + my $nStart = 0; + my $nEnd = 10; + if ( scalar @lastStarts < $nEnd ) { + $nEnd = scalar @lastStarts; + } + for my $startd ( reverse @lastStarts[ -$nEnd .. -1 ] ) { + $nStart++; + infoprint "$nStart) $startd"; + } + infoprint scalar @lastShutdowns + . " shutdown(s) detected in $myvar{'log_error'}"; + $nStart = 0; + $nEnd = 10; + if ( scalar @lastShutdowns < $nEnd ) { + $nEnd = scalar @lastShutdowns; + } + for my $shutd ( reverse @lastShutdowns[ -$nEnd .. -1 ] ) { + $nStart++; + infoprint "$nStart) $shutd"; + } + + #exit 0; +} + +sub cve_recommendations { + subheaderprint "CVE Security Recommendations"; + unless ( defined( $opt{cvefile} ) && -f "$opt{cvefile}" ) { + infoprint "Skipped due to --cvefile option undefined"; + return; + } + +#$mysqlvermajor=10; +#$mysqlverminor=1; +#$mysqlvermicro=17; +#prettyprint "Look for related CVE for $myvar{'version'} or lower in $opt{cvefile}"; + my $cvefound = 0; + open( my $fh, "<", $opt{cvefile} ) + or die "Can't open $opt{cvefile} for read: $!"; + while ( my $cveline = <$fh> ) { + my @cve = split( ';', $cveline ); + debugprint +"Comparing $mysqlvermajor\.$mysqlverminor\.$mysqlvermicro with $cve[1]\.$cve[2]\.$cve[3] : " + . ( mysql_version_le( $cve[1], $cve[2], $cve[3] ) ? '<=' : '>' ); + + # Avoid not major/minor version corresponding CVEs + next + unless ( int( $cve[1] ) == $mysqlvermajor + && int( $cve[2] ) == $mysqlverminor ); + if ( int( $cve[3] ) >= $mysqlvermicro ) { + badprint "$cve[4](<= $cve[1]\.$cve[2]\.$cve[3]) : $cve[6]"; + $result{'CVE'}{'List'}{$cvefound} = + "$cve[4](<= $cve[1]\.$cve[2]\.$cve[3]) : $cve[6]"; + $cvefound++; + } + } + close $fh or die "Cannot close $opt{cvefile}: $!"; + $result{'CVE'}{'nb'} = $cvefound; + + my $cve_warning_notes = ""; + if ( $cvefound == 0 ) { + goodprint "NO SECURITY CVE FOUND FOR YOUR VERSION"; + return; + } + if ( $mysqlvermajor eq 5 and $mysqlverminor eq 5 ) { + infoprint + "False positive CVE(s) for MySQL and MariaDB 5.5.x can be found."; + infoprint "Check careful each CVE for those particular versions"; + } + badprint $cvefound . " CVE(s) found for your MySQL release."; + push( @generalrec, + $cvefound + . " CVE(s) found for your MySQL release. Consider upgrading your version !" + ); +} + +sub get_opened_ports { + my @opened_ports = `netstat -ltn`; + @opened_ports = map { + my $v = $_; + $v =~ s/.*:(\d+)\s.*$/$1/; + $v =~ s/\D//g; + $v; + } @opened_ports; + @opened_ports = sort { $a <=> $b } grep { !/^$/ } @opened_ports; + debugprint Dumper \@opened_ports; + $result{'Network'}{'TCP Opened'} = \@opened_ports; + return @opened_ports; +} + +sub is_open_port { + my $port = shift; + if ( grep { /^$port$/ } get_opened_ports ) { + return 1; + } + return 0; +} + +sub get_process_memory { + my $pid = shift; + my @mem = `ps -p $pid -o rss`; + return 0 if scalar @mem != 2; + return $mem[1] * 1024; +} + +sub get_other_process_memory { + return 0 if ( $opt{tbstat} == 0 ); + my @procs = `ps eaxo pid,command`; + @procs = map { + my $v = $_; + $v =~ s/.*PID.*//; + $v =~ s/.*mysqld.*//; + $v =~ s/.*\[.*\].*//; + $v =~ s/^\s+$//g; + $v =~ s/.*PID.*CMD.*//; + $v =~ s/.*systemd.*//; + $v =~ s/\s*?(\d+)\s*.*/$1/g; + $v; + } @procs; + @procs = remove_cr @procs; + @procs = remove_empty @procs; + my $totalMemOther = 0; + map { $totalMemOther += get_process_memory($_); } @procs; + return $totalMemOther; +} + +sub get_os_release { + if ( -f "/etc/lsb-release" ) { + my @info_release = get_file_contents "/etc/lsb-release"; + my $os_release = $info_release[3]; + $os_release =~ s/.*="//; + $os_release =~ s/"$//; + return $os_release; + } + + if ( -f "/etc/system-release" ) { + my @info_release = get_file_contents "/etc/system-release"; + return $info_release[0]; + } + + if ( -f "/etc/os-release" ) { + my @info_release = get_file_contents "/etc/os-release"; + my $os_release = $info_release[0]; + $os_release =~ s/.*="//; + $os_release =~ s/"$//; + return $os_release; + } + + if ( -f "/etc/issue" ) { + my @info_release = get_file_contents "/etc/issue"; + my $os_release = $info_release[0]; + $os_release =~ s/\s+\\n.*//; + return $os_release; + } + return "Unknown OS release"; +} + +sub get_fs_info { + my @sinfo = `df -P | grep '%'`; + my @iinfo = `df -Pi| grep '%'`; + shift @iinfo; + @sinfo = map { + my $v = $_; + $v =~ s/.*\s(\d+)%\s+(.*)/$1\t$2/g; + $v; + } @sinfo; + foreach my $info (@sinfo) { + next if $info =~ m{(\d+)\t/(run|dev|sys|proc)($|/)}; + if ( $info =~ /(\d+)\t(.*)/ ) { + if ( $1 > 85 ) { + badprint "mount point $2 is using $1 % total space"; + push( @generalrec, "Add some space to $2 mountpoint." ); + } + else { + infoprint "mount point $2 is using $1 % of total space"; + } + $result{'Filesystem'}{'Space Pct'}{$2} = $1; + } + } + + @iinfo = map { + my $v = $_; + $v =~ s/.*\s(\d+)%\s+(.*)/$1\t$2/g; + $v; + } @iinfo; + foreach my $info (@iinfo) { + next if $info =~ m{(\d+)\t/(run|dev|sys|proc)($|/)}; + if ( $info =~ /(\d+)\t(.*)/ ) { + if ( $1 > 85 ) { + badprint "mount point $2 is using $1 % of max allowed inodes"; + push( @generalrec, +"Cleanup files from $2 mountpoint or reformat you filesystem." + ); + } + else { + infoprint "mount point $2 is using $1 % of max allowed inodes"; + } + $result{'Filesystem'}{'Inode Pct'}{$2} = $1; + } + } +} + +sub merge_hash { + my $h1 = shift; + my $h2 = shift; + my %result = {}; + foreach my $substanceref ( $h1, $h2 ) { + while ( my ( $k, $v ) = each %$substanceref ) { + next if ( exists $result{$k} ); + $result{$k} = $v; + } + } + return \%result; +} + +sub is_virtual_machine { + my $isVm = `grep -Ec '^flags.*\ hypervisor\ ' /proc/cpuinfo`; + return ( $isVm == 0 ? 0 : 1 ); +} + +sub infocmd { + my $cmd = "@_"; + debugprint "CMD: $cmd"; + my @result = `$cmd`; + @result = remove_cr @result; + for my $l (@result) { + infoprint "$l"; + } +} + +sub infocmd_tab { + my $cmd = "@_"; + debugprint "CMD: $cmd"; + my @result = `$cmd`; + @result = remove_cr @result; + for my $l (@result) { + infoprint "\t$l"; + } +} + +sub infocmd_one { + my $cmd = "@_"; + my @result = `$cmd 2>&1`; + @result = remove_cr @result; + return join ', ', @result; +} + +sub get_kernel_info { + my @params = ( + 'fs.aio-max-nr', 'fs.aio-nr', + 'fs.file-max', 'sunrpc.tcp_fin_timeout', + 'sunrpc.tcp_max_slot_table_entries', 'sunrpc.tcp_slot_table_entries', + 'vm.swappiness' + ); + infoprint "Information about kernel tuning:"; + foreach my $param (@params) { + infocmd_tab("sysctl $param 2>/dev/null"); + $result{'OS'}{'Config'}{$param} = `sysctl -n $param 2>/dev/null`; + } + if ( `sysctl -n vm.swappiness` > 10 ) { + badprint + "Swappiness is > 10, please consider having a value lower than 10"; + push @generalrec, "setup swappiness lower or equals to 10"; + push @adjvars, + 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; + } + else { + infoprint "Swappiness is < 10."; + } + + # only if /proc/sys/sunrpc exists + my $tcp_slot_entries = + `sysctl -n sunrpc.tcp_slot_table_entries 2>/dev/null`; + if ( -f "/proc/sys/sunrpc" + and ( $tcp_slot_entries eq '' or $tcp_slot_entries < 100 ) ) + { + badprint +"Initial TCP slot entries is < 1M, please consider having a value greater than 100"; + push @generalrec, "setup Initial TCP slot entries greater than 100"; + push @adjvars, +'sunrpc.tcp_slot_table_entries > 100 (echo 128 > /proc/sys/sunrpc/tcp_slot_table_entries)'; + } + else { + infoprint "TCP slot entries is > 100."; + } + + if ( `sysctl -n fs.aio-max-nr` < 1000000 ) { + badprint +"Max running total of the number of events is < 1M, please consider having a value greater than 1M"; + push @generalrec, "setup Max running number events greater than 1M"; + push @adjvars, + 'fs.aio-max-nr > 1M (echo 1048576 > /proc/sys/fs/aio-max-nr)'; + } + else { + infoprint "Max Number of AIO events is > 1M."; + } + +} + +sub get_system_info { + $result{'OS'}{'Release'} = get_os_release(); + infoprint get_os_release; + if (is_virtual_machine) { + infoprint "Machine type : Virtual machine"; + $result{'OS'}{'Virtual Machine'} = 'YES'; + } + else { + infoprint "Machine type : Physical machine"; + $result{'OS'}{'Virtual Machine'} = 'NO'; + } + + $result{'Network'}{'Connected'} = 'NO'; + `ping -c 1 ipecho.net &>/dev/null`; + my $isConnected = $?; + if ( $? == 0 ) { + infoprint "Internet : Connected"; + $result{'Network'}{'Connected'} = 'YES'; + } + else { + badprint "Internet : Disconnected"; + } + $result{'OS'}{'NbCore'} = cpu_cores; + infoprint "Number of Core CPU : " . cpu_cores; + $result{'OS'}{'Type'} = `uname -o`; + infoprint "Operating System Type : " . infocmd_one "uname -o"; + $result{'OS'}{'Kernel'} = `uname -r`; + infoprint "Kernel Release : " . infocmd_one "uname -r"; + $result{'OS'}{'Hostname'} = `hostname`; + $result{'Network'}{'Internal Ip'} = `hostname -I`; + infoprint "Hostname : " . infocmd_one "hostname"; + infoprint "Network Cards : "; + infocmd_tab "ifconfig| grep -A1 mtu"; + infoprint "Internal IP : " . infocmd_one "hostname -I"; + $result{'Network'}{'Internal Ip'} = `ifconfig| grep -A1 mtu`; + my $httpcli = get_http_cli(); + infoprint "HTTP client found: $httpcli" if defined $httpcli; + + my $ext_ip = ""; + if ( $httpcli =~ /curl$/ ) { + $ext_ip = infocmd_one "$httpcli -m 3 ipecho.net/plain"; + } + elsif ( $httpcli =~ /wget$/ ) { + + $ext_ip = infocmd_one "$httpcli -t 1 -T 3 -q -O - ipecho.net/plain"; + } + infoprint "External IP : " . $ext_ip; + $result{'Network'}{'External Ip'} = $ext_ip; + badprint + "External IP : Can't check because of Internet connectivity" + unless defined($httpcli); + infoprint "Name Servers : " + . infocmd_one "grep 'nameserver' /etc/resolv.conf \| awk '{print \$2}'"; + infoprint "Logged In users : "; + infocmd_tab "who"; + $result{'OS'}{'Logged users'} = `who`; + infoprint "Ram Usages in Mb : "; + infocmd_tab "free -m | grep -v +"; + $result{'OS'}{'Free Memory RAM'} = `free -m | grep -v +`; + infoprint "Load Average : "; + infocmd_tab "top -n 1 -b | grep 'load average:'"; + $result{'OS'}{'Load Average'} = `top -n 1 -b | grep 'load average:'`; + + infoprint "System Uptime : "; + infocmd_tab "uptime"; + $result{'OS'}{'Uptime'} = `uptime`; +} + +sub system_recommendations { + return if ( $opt{sysstat} == 0 ); + subheaderprint "System Linux Recommendations"; + my $os = `uname`; + unless ( $os =~ /Linux/i ) { + infoprint "Skipped due to non Linux server"; + return; + } + prettyprint "Look for related Linux system recommendations"; + + #prettyprint '-'x78; + get_system_info(); + my $omem = get_other_process_memory; + infoprint "User process except mysqld used " + . hr_bytes_rnd($omem) . " RAM."; + if ( ( 0.15 * $physical_memory ) < $omem ) { + badprint +"Other user process except mysqld used more than 15% of total physical memory " + . percentage( $omem, $physical_memory ) . "% (" + . hr_bytes_rnd($omem) . " / " + . hr_bytes_rnd($physical_memory) . ")"; + push( @generalrec, +"Consider stopping or dedicate server for additional process other than mysqld." + ); + push( @adjvars, +"DON'T APPLY SETTINGS BECAUSE THERE ARE TOO MANY PROCESSES RUNNING ON THIS SERVER. OOM KILL CAN OCCUR!" + ); + } + else { + infoprint +"Other user process except mysqld used less than 15% of total physical memory " + . percentage( $omem, $physical_memory ) . "% (" + . hr_bytes_rnd($omem) . " / " + . hr_bytes_rnd($physical_memory) . ")"; + } + + if ( $opt{'maxportallowed'} > 0 ) { + my @opened_ports = get_opened_ports; + infoprint "There is " + . scalar @opened_ports + . " listening port(s) on this server."; + if ( scalar(@opened_ports) > $opt{'maxportallowed'} ) { + badprint "There is too many listening ports: " + . scalar(@opened_ports) + . " opened > " + . $opt{'maxportallowed'} + . "allowed."; + push( @generalrec, +"Consider dedicating a server for your database installation with less services running on !" + ); + } + else { + goodprint "There is less than " + . $opt{'maxportallowed'} + . " opened ports on this server."; + } + } + + foreach my $banport (@banned_ports) { + if ( is_open_port($banport) ) { + badprint "Banned port: $banport is opened.."; + push( @generalrec, +"Port $banport is opened. Consider stopping program handling this port." + ); + } + else { + goodprint "$banport is not opened."; + } + } + + get_fs_info; + get_kernel_info; +} + +sub security_recommendations { + subheaderprint "Security Recommendations"; + + if ( mysql_version_eq(8) ) { + infoprint "Skipped due to unsupported feature for MySQL 8"; + return; + } + + #exit 0; + if ( $opt{skippassword} eq 1 ) { + infoprint "Skipped due to --skippassword option"; + return; + } + + my $PASS_COLUMN_NAME = 'password'; + if ( $myvar{'version'} =~ /5\.7|10\..*MariaDB*/ ) { + my $password_column_exists = +`$mysqlcmd $mysqllogin -Bse "SELECT 1 FROM information_schema.columns WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME = 'password'" 2>>/dev/null`; + if ($password_column_exists) { + $PASS_COLUMN_NAME = +"IF(plugin='mysql_native_password', authentication_string, password)"; + } + else { + $PASS_COLUMN_NAME = 'authentication_string'; + } + } + debugprint "Password column = $PASS_COLUMN_NAME"; + + # Looking for Anonymous users + my @mysqlstatlist = select_array +"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE TRIM(USER) = '' OR USER IS NULL"; + debugprint Dumper \@mysqlstatlist; + + #exit 0; + if (@mysqlstatlist) { + foreach my $line ( sort @mysqlstatlist ) { + chomp($line); + badprint "User '" . $line . "' is an anonymous account."; + } + push( @generalrec, + "Remove Anonymous User accounts - there are " + . scalar(@mysqlstatlist) + . " anonymous accounts." ); + } + else { + goodprint "There are no anonymous accounts for any database users"; + } + if ( mysql_version_le( 5, 1 ) ) { + badprint "No more password checks for MySQL version <=5.1"; + badprint "MySQL version <=5.1 are deprecated and end of support."; + return; + } + + # Looking for Empty Password + if ( mysql_version_ge( 5, 5 ) ) { + @mysqlstatlist = select_array +"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL) AND plugin NOT IN ('unix_socket', 'win_socket', 'auth_pam_compat')"; + } + else { + @mysqlstatlist = select_array +"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE ($PASS_COLUMN_NAME = '' OR $PASS_COLUMN_NAME IS NULL)"; + } + if (@mysqlstatlist) { + foreach my $line ( sort @mysqlstatlist ) { + chomp($line); + badprint "User '" . $line . "' has no password set."; + } + push( @generalrec, +"Set up a Password for user with the following SQL statement ( SET PASSWORD FOR 'user'\@'SpecificDNSorIp' = PASSWORD('secure_password'); )" + ); + } + else { + goodprint "All database users have passwords assigned"; + } + + if ( mysql_version_ge( 5, 7 ) ) { + my $valPlugin = select_one( +"select count(*) from information_schema.plugins where PLUGIN_NAME='validate_password' AND PLUGIN_STATUS='ACTIVE'" + ); + if ( $valPlugin >= 1 ) { + infoprint +"Bug #80860 MySQL 5.7: Avoid testing password when validate_password is activated"; + return; + } + } + + # Looking for User with user/ uppercase /capitalise user as password + @mysqlstatlist = select_array +"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(user) OR CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(UPPER(user)) OR CAST($PASS_COLUMN_NAME as Binary) = PASSWORD(CONCAT(UPPER(LEFT(User, 1)), SUBSTRING(User, 2, LENGTH(User))))"; + if (@mysqlstatlist) { + foreach my $line ( sort @mysqlstatlist ) { + chomp($line); + badprint "User '" . $line . "' has user name as password."; + } + push( @generalrec, +"Set up a Secure Password for user\@host ( SET PASSWORD FOR 'user'\@'SpecificDNSorIp' = PASSWORD('secure_password'); )" + ); + } + + @mysqlstatlist = select_array + "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE HOST='%'"; + if (@mysqlstatlist) { + foreach my $line ( sort @mysqlstatlist ) { + chomp($line); + badprint "User '" . $line + . "' does not specify hostname restrictions."; + } + push( @generalrec, + "Restrict Host for user\@% to user\@SpecificDNSorIp" ); + } + + unless ( -f $basic_password_files ) { + badprint "There is no basic password file list!"; + return; + } + + my @passwords = get_basic_passwords $basic_password_files; + infoprint "There are " + . scalar(@passwords) + . " basic passwords in the list."; + my $nbins = 0; + my $passreq; + if (@passwords) { + my $nbInterPass = 0; + foreach my $pass (@passwords) { + $nbInterPass++; + + $pass =~ s/\s//g; + $pass =~ s/\'/\\\'/g; + chomp($pass); + + # Looking for User with user/ uppercase /capitalise weak password + @mysqlstatlist = + select_array +"SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE $PASS_COLUMN_NAME = PASSWORD('" + . $pass + . "') OR $PASS_COLUMN_NAME = PASSWORD(UPPER('" + . $pass + . "')) OR $PASS_COLUMN_NAME = PASSWORD(CONCAT(UPPER(LEFT('" + . $pass + . "', 1)), SUBSTRING('" + . $pass + . "', 2, LENGTH('" + . $pass . "'))))"; + debugprint "There is " . scalar(@mysqlstatlist) . " items."; + if (@mysqlstatlist) { + foreach my $line (@mysqlstatlist) { + chomp($line); + badprint "User '" . $line + . "' is using weak password: $pass in a lower, upper or capitalize derivative version."; + $nbins++; + } + } + debugprint "$nbInterPass / " . scalar(@passwords) + if ( $nbInterPass % 1000 == 0 ); + } + } + if ( $nbins > 0 ) { + push( @generalrec, $nbins . " user(s) used basic or weak password." ); + } +} + +sub get_replication_status { + subheaderprint "Replication Metrics"; + infoprint "Galera Synchronous replication: " . $myvar{'have_galera'}; + if ( scalar( keys %myslaves ) == 0 ) { + infoprint "No replication slave(s) for this server."; + } + else { + infoprint "This server is acting as master for " + . scalar( keys %myslaves ) + . " server(s)."; + } + infoprint "Binlog format: " . $myvar{'binlog_format'}; + infoprint "XA support enabled: " . $myvar{'innodb_support_xa'}; + + infoprint "Semi synchronous replication Master: " + . ( + defined( $myvar{'rpl_semi_sync_master_enabled'} ) + ? $myvar{'rpl_semi_sync_master_enabled'} + : 'Not Activated' + ); + infoprint "Semi synchronous replication Slave: " + . ( + defined( $myvar{'rpl_semi_sync_slave_enabled'} ) + ? $myvar{'rpl_semi_sync_slave_enabled'} + : 'Not Activated' + ); + if ( scalar( keys %myrepl ) == 0 and scalar( keys %myslaves ) == 0 ) { + infoprint "This is a standalone server"; + return; + } + if ( scalar( keys %myrepl ) == 0 ) { + infoprint + "No replication setup for this server or replication not started."; + return; + } + + $result{'Replication'}{'status'} = \%myrepl; + my ($io_running) = $myrepl{'Slave_IO_Running'}; + debugprint "IO RUNNING: $io_running "; + my ($sql_running) = $myrepl{'Slave_SQL_Running'}; + debugprint "SQL RUNNING: $sql_running "; + my ($seconds_behind_master) = $myrepl{'Seconds_Behind_Master'}; + debugprint "SECONDS : $seconds_behind_master "; + + if ( defined($io_running) + and ( $io_running !~ /yes/i or $sql_running !~ /yes/i ) ) + { + badprint + "This replication slave is not running but seems to be configured."; + } + if ( defined($io_running) + && $io_running =~ /yes/i + && $sql_running =~ /yes/i ) + { + if ( $myvar{'read_only'} eq 'OFF' ) { + badprint +"This replication slave is running with the read_only option disabled."; + } + else { + goodprint +"This replication slave is running with the read_only option enabled."; + } + if ( $seconds_behind_master > 0 ) { + badprint +"This replication slave is lagging and slave has $seconds_behind_master second(s) behind master host."; + } + else { + goodprint "This replication slave is up to date with master."; + } + } +} + +sub validate_mysql_version { + ( $mysqlvermajor, $mysqlverminor, $mysqlvermicro ) = + $myvar{'version'} =~ /^(\d+)(?:\.(\d+)|)(?:\.(\d+)|)/; + $mysqlverminor ||= 0; + $mysqlvermicro ||= 0; + if ( !mysql_version_ge( 5, 1 ) ) { + badprint "Your MySQL version " + . $myvar{'version'} + . " is EOL software! Upgrade soon!"; + } + elsif ( ( mysql_version_ge(6) and mysql_version_le(9) ) + or mysql_version_ge(12) ) + { + badprint "Currently running unsupported MySQL version " + . $myvar{'version'} . ""; + } + else { + goodprint "Currently running supported MySQL version " + . $myvar{'version'} . ""; + } +} + +# Checks if MySQL version is equal to (major, minor, micro) +sub mysql_version_eq { + my ( $maj, $min, $mic ) = @_; + return int($mysqlvermajor) == int($maj) + if ( !defined($min) && !defined($mic) ); + return int($mysqlvermajor) == int($maj) && int($mysqlverminor) == int($min) + if ( !defined($mic) ); + return ( int($mysqlvermajor) == int($maj) + && int($mysqlverminor) == int($min) + && int($mysqlvermicro) == int($mic) ); +} + +# Checks if MySQL version is greater than equal to (major, minor, micro) +sub mysql_version_ge { + my ( $maj, $min, $mic ) = @_; + $min ||= 0; + $mic ||= 0; + return + int($mysqlvermajor) > int($maj) + || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) > int($min) ) + || ( int($mysqlvermajor) == int($maj) + && int($mysqlverminor) == int($min) + && int($mysqlvermicro) >= int($mic) ); +} + +# Checks if MySQL version is lower than equal to (major, minor, micro) +sub mysql_version_le { + my ( $maj, $min, $mic ) = @_; + $min ||= 0; + $mic ||= 0; + return + int($mysqlvermajor) < int($maj) + || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) < int($min) ) + || ( int($mysqlvermajor) == int($maj) + && int($mysqlverminor) == int($min) + && int($mysqlvermicro) <= int($mic) ); +} + +# Checks if MySQL micro version is lower than equal to (major, minor, micro) +sub mysql_micro_version_le { + my ( $maj, $min, $mic ) = @_; + return $mysqlvermajor == $maj + && ( $mysqlverminor == $min + && $mysqlvermicro <= $mic ); +} + +# Checks for 32-bit boxes with more than 2GB of RAM +my ($arch); + +sub check_architecture { + if ( $doremote eq 1 ) { return; } + if ( `uname` =~ /SunOS/ && `isainfo -b` =~ /64/ ) { + $arch = 64; + goodprint "Operating on 64-bit architecture"; + } + elsif ( `uname` !~ /SunOS/ && `uname -m` =~ /(64|s390x)/ ) { + $arch = 64; + goodprint "Operating on 64-bit architecture"; + } + elsif ( `uname` =~ /AIX/ && `bootinfo -K` =~ /64/ ) { + $arch = 64; + goodprint "Operating on 64-bit architecture"; + } + elsif ( `uname` =~ /NetBSD|OpenBSD/ && `sysctl -b hw.machine` =~ /64/ ) { + $arch = 64; + goodprint "Operating on 64-bit architecture"; + } + elsif ( `uname` =~ /FreeBSD/ && `sysctl -b hw.machine_arch` =~ /64/ ) { + $arch = 64; + goodprint "Operating on 64-bit architecture"; + } + elsif ( `uname` =~ /Darwin/ && `uname -m` =~ /Power Macintosh/ ) { + +# Darwin box.local 9.8.0 Darwin Kernel Version 9.8.0: Wed Jul 15 16:57:01 PDT 2009; root:xnu1228.15.4~1/RELEASE_PPC Power Macintosh + $arch = 64; + goodprint "Operating on 64-bit architecture"; + } + elsif ( `uname` =~ /Darwin/ && `uname -m` =~ /x86_64/ ) { + +# Darwin gibas.local 12.3.0 Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64 x86_64 + $arch = 64; + goodprint "Operating on 64-bit architecture"; + } + else { + $arch = 32; + if ( $physical_memory > 2147483648 ) { + badprint +"Switch to 64-bit OS - MySQL cannot currently use all of your RAM"; + } + else { + goodprint "Operating on 32-bit architecture with less than 2GB RAM"; + } + } + $result{'OS'}{'Architecture'} = "$arch bits"; + +} + +# Start up a ton of storage engine counts/statistics +my ( %enginestats, %enginecount, $fragtables ); + +sub check_storage_engines { + if ( $opt{skipsize} eq 1 ) { + subheaderprint "Storage Engine Statistics"; + infoprint "Skipped due to --skipsize option"; + return; + } + subheaderprint "Storage Engine Statistics"; + + my $engines; + if ( mysql_version_ge( 5, 5 ) ) { + my @engineresults = select_array +"SELECT ENGINE,SUPPORT FROM information_schema.ENGINES ORDER BY ENGINE ASC"; + foreach my $line (@engineresults) { + my ( $engine, $engineenabled ); + ( $engine, $engineenabled ) = $line =~ /([a-zA-Z_]*)\s+([a-zA-Z]+)/; + $result{'Engine'}{$engine}{'Enabled'} = $engineenabled; + $engines .= + ( $engineenabled eq "YES" || $engineenabled eq "DEFAULT" ) + ? greenwrap "+" . $engine . " " + : redwrap "-" . $engine . " "; + } + } + elsif ( mysql_version_ge( 5, 1, 5 ) ) { + my @engineresults = select_array +"SELECT ENGINE,SUPPORT FROM information_schema.ENGINES WHERE ENGINE NOT IN ('performance_schema','MyISAM','MERGE','MEMORY') ORDER BY ENGINE ASC"; + foreach my $line (@engineresults) { + my ( $engine, $engineenabled ); + ( $engine, $engineenabled ) = $line =~ /([a-zA-Z_]*)\s+([a-zA-Z]+)/; + $result{'Engine'}{$engine}{'Enabled'} = $engineenabled; + $engines .= + ( $engineenabled eq "YES" || $engineenabled eq "DEFAULT" ) + ? greenwrap "+" . $engine . " " + : redwrap "-" . $engine . " "; + } + } + else { + $engines .= + ( defined $myvar{'have_archive'} && $myvar{'have_archive'} eq "YES" ) + ? greenwrap "+Archive " + : redwrap "-Archive "; + $engines .= + ( defined $myvar{'have_bdb'} && $myvar{'have_bdb'} eq "YES" ) + ? greenwrap "+BDB " + : redwrap "-BDB "; + $engines .= + ( defined $myvar{'have_federated_engine'} + && $myvar{'have_federated_engine'} eq "YES" ) + ? greenwrap "+Federated " + : redwrap "-Federated "; + $engines .= + ( defined $myvar{'have_innodb'} && $myvar{'have_innodb'} eq "YES" ) + ? greenwrap "+InnoDB " + : redwrap "-InnoDB "; + $engines .= + ( defined $myvar{'have_isam'} && $myvar{'have_isam'} eq "YES" ) + ? greenwrap "+ISAM " + : redwrap "-ISAM "; + $engines .= + ( defined $myvar{'have_ndbcluster'} + && $myvar{'have_ndbcluster'} eq "YES" ) + ? greenwrap "+NDBCluster " + : redwrap "-NDBCluster "; + } + + my @dblist = grep { $_ ne 'lost+found' } select_array "SHOW DATABASES"; + + $result{'Databases'}{'List'} = [@dblist]; + infoprint "Status: $engines"; + if ( mysql_version_ge( 5, 1, 5 ) ) { + +# MySQL 5 servers can have table sizes calculated quickly from information schema + my @templist = select_array +"SELECT ENGINE,SUM(DATA_LENGTH+INDEX_LENGTH),COUNT(ENGINE),SUM(DATA_LENGTH),SUM(INDEX_LENGTH) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema', 'performance_schema', 'mysql') AND ENGINE IS NOT NULL GROUP BY ENGINE ORDER BY ENGINE ASC;"; + + my ( $engine, $size, $count, $dsize, $isize ); + foreach my $line (@templist) { + ( $engine, $size, $count, $dsize, $isize ) = + $line =~ /([a-zA-Z_]+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)/; + debugprint "Engine Found: $engine"; + next unless ( defined($engine) ); + $size = 0 unless defined($size); + $isize = 0 unless defined($isize); + $dsize = 0 unless defined($dsize); + $count = 0 unless defined($count); + $enginestats{$engine} = $size; + $enginecount{$engine} = $count; + $result{'Engine'}{$engine}{'Table Number'} = $count; + $result{'Engine'}{$engine}{'Total Size'} = $size; + $result{'Engine'}{$engine}{'Data Size'} = $dsize; + $result{'Engine'}{$engine}{'Index Size'} = $isize; + } + my $not_innodb = ''; + if ( not defined $result{'Variables'}{'innodb_file_per_table'} ) { + $not_innodb = "AND NOT ENGINE='InnoDB'"; + } + elsif ( $result{'Variables'}{'innodb_file_per_table'} eq 'OFF' ) { + $not_innodb = "AND NOT ENGINE='InnoDB'"; + } + $result{'Tables'}{'Fragmented tables'} = + [ select_array +"SELECT CONCAT(CONCAT(TABLE_SCHEMA, '.'), TABLE_NAME),DATA_FREE FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema','performance_schema', 'mysql') AND DATA_LENGTH/1024/1024>100 AND DATA_FREE*100/(DATA_LENGTH+INDEX_LENGTH+DATA_FREE) > 10 AND NOT ENGINE='MEMORY' $not_innodb" + ]; + $fragtables = scalar @{ $result{'Tables'}{'Fragmented tables'} }; + + } + else { + + # MySQL < 5 servers take a lot of work to get table sizes + my @tblist; + +# Now we build a database list, and loop through it to get storage engine stats for tables + foreach my $db (@dblist) { + chomp($db); + if ( $db eq "information_schema" + or $db eq "performance_schema" + or $db eq "mysql" + or $db eq "lost+found" ) + { + next; + } + my @ixs = ( 1, 6, 9 ); + if ( !mysql_version_ge( 4, 1 ) ) { + + # MySQL 3.23/4.0 keeps Data_Length in the 5th (0-based) column + @ixs = ( 1, 5, 8 ); + } + push( @tblist, + map { [ (split)[@ixs] ] } + select_array "SHOW TABLE STATUS FROM \\\`$db\\\`" ); + } + + # Parse through the table list to generate storage engine counts/statistics + $fragtables = 0; + foreach my $tbl (@tblist) { + debugprint "Data dump " . Dumper(@$tbl); + my ( $engine, $size, $datafree ) = @$tbl; + next if $engine eq 'NULL'; + $size = 0 if $size eq 'NULL'; + $datafree = 0 if $datafree eq 'NULL'; + if ( defined $enginestats{$engine} ) { + $enginestats{$engine} += $size; + $enginecount{$engine} += 1; + } + else { + $enginestats{$engine} = $size; + $enginecount{$engine} = 1; + } + if ( $datafree > 0 ) { + $fragtables++; + } + } + } + while ( my ( $engine, $size ) = each(%enginestats) ) { + infoprint "Data in $engine tables: " + . hr_bytes($size) + . " (Tables: " + . $enginecount{$engine} . ")" . ""; + } + + # If the storage engine isn't being used, recommend it to be disabled + if ( !defined $enginestats{'InnoDB'} + && defined $myvar{'have_innodb'} + && $myvar{'have_innodb'} eq "YES" ) + { + badprint "InnoDB is enabled but isn't being used"; + push( @generalrec, + "Add skip-innodb to MySQL configuration to disable InnoDB" ); + } + if ( !defined $enginestats{'BerkeleyDB'} + && defined $myvar{'have_bdb'} + && $myvar{'have_bdb'} eq "YES" ) + { + badprint "BDB is enabled but isn't being used"; + push( @generalrec, + "Add skip-bdb to MySQL configuration to disable BDB" ); + } + if ( !defined $enginestats{'ISAM'} + && defined $myvar{'have_isam'} + && $myvar{'have_isam'} eq "YES" ) + { + badprint "MYISAM is enabled but isn't being used"; + push( @generalrec, +"Add skip-isam to MySQL configuration to disable ISAM (MySQL > 4.1.0)" + ); + } + + # Fragmented tables + if ( $fragtables > 0 ) { + badprint "Total fragmented tables: $fragtables"; + push( @generalrec, + "Run OPTIMIZE TABLE to defragment tables for better performance" ); + my $total_free = 0; + foreach my $table_line ( @{ $result{'Tables'}{'Fragmented tables'} } ) { + my ( $full_table_name, $data_free ) = split( /\s+/, $table_line ); + $data_free = 0 if ( !defined($data_free) or $data_free eq '' ); + $data_free = $data_free / 1024 / 1024; + $total_free += $data_free; + my ( $table_schema, $table_name ) = split( /\./, $full_table_name ); + push( @generalrec, +" OPTIMIZE TABLE `$table_schema`.`$table_name`; -- can free $data_free MB" + ); + } + push( @generalrec, + "Total freed space after theses OPTIMIZE TABLE : $total_free Mb" ); + } + else { + goodprint "Total fragmented tables: $fragtables"; + } + + # Auto increments + my %tblist; + + # Find the maximum integer + my $maxint = select_one "SELECT ~0"; + $result{'MaxInt'} = $maxint; + +# Now we use a database list, and loop through it to get storage engine stats for tables + foreach my $db (@dblist) { + chomp($db); + + if ( !$tblist{$db} ) { + $tblist{$db} = (); + } + + if ( $db eq "information_schema" ) { next; } + my @ia = ( 0, 10 ); + if ( !mysql_version_ge( 4, 1 ) ) { + + # MySQL 3.23/4.0 keeps Data_Length in the 5th (0-based) column + @ia = ( 0, 9 ); + } + push( + @{ $tblist{$db} }, + map { [ (split)[@ia] ] } + select_array "SHOW TABLE STATUS FROM \\\`$db\\\`" + ); + } + + my @dbnames = keys %tblist; + + foreach my $db (@dbnames) { + foreach my $tbl ( @{ $tblist{$db} } ) { + my ( $name, $autoincrement ) = @$tbl; + + if ( $autoincrement =~ /^\d+?$/ ) { + my $percent = percentage( $autoincrement, $maxint ); + $result{'PctAutoIncrement'}{"$db.$name"} = $percent; + if ( $percent >= 75 ) { + badprint +"Table '$db.$name' has an autoincrement value near max capacity ($percent%)"; + } + } + } + } + +} + +my %mycalc; + +sub calculations { + if ( $mystat{'Questions'} < 1 ) { + badprint + "Your server has not answered any queries - cannot continue..."; + exit 2; + } + + # Per-thread memory + if ( mysql_version_ge(4) ) { + $mycalc{'per_thread_buffers'} = + $myvar{'read_buffer_size'} + + $myvar{'read_rnd_buffer_size'} + + $myvar{'sort_buffer_size'} + + $myvar{'thread_stack'} + + $myvar{'join_buffer_size'}; + } + else { + $mycalc{'per_thread_buffers'} = + $myvar{'record_buffer'} + + $myvar{'record_rnd_buffer'} + + $myvar{'sort_buffer'} + + $myvar{'thread_stack'} + + $myvar{'join_buffer_size'}; + } + $mycalc{'total_per_thread_buffers'} = + $mycalc{'per_thread_buffers'} * $myvar{'max_connections'}; + $mycalc{'max_total_per_thread_buffers'} = + $mycalc{'per_thread_buffers'} * $mystat{'Max_used_connections'}; + + # Server-wide memory + $mycalc{'max_tmp_table_size'} = + ( $myvar{'tmp_table_size'} > $myvar{'max_heap_table_size'} ) + ? $myvar{'max_heap_table_size'} + : $myvar{'tmp_table_size'}; + $mycalc{'server_buffers'} = + $myvar{'key_buffer_size'} + $mycalc{'max_tmp_table_size'}; + $mycalc{'server_buffers'} += + ( defined $myvar{'innodb_buffer_pool_size'} ) + ? $myvar{'innodb_buffer_pool_size'} + : 0; + $mycalc{'server_buffers'} += + ( defined $myvar{'innodb_additional_mem_pool_size'} ) + ? $myvar{'innodb_additional_mem_pool_size'} + : 0; + $mycalc{'server_buffers'} += + ( defined $myvar{'innodb_log_buffer_size'} ) + ? $myvar{'innodb_log_buffer_size'} + : 0; + $mycalc{'server_buffers'} += + ( defined $myvar{'query_cache_size'} ) ? $myvar{'query_cache_size'} : 0; + $mycalc{'server_buffers'} += + ( defined $myvar{'aria_pagecache_buffer_size'} ) + ? $myvar{'aria_pagecache_buffer_size'} + : 0; + +# Global memory +# Max used memory is memory used by MySQL based on Max_used_connections +# This is the max memory used theoretically calculated with the max concurrent connection number reached by mysql + $mycalc{'max_used_memory'} = + $mycalc{'server_buffers'} + + $mycalc{"max_total_per_thread_buffers"} + + get_pf_memory(); + + # + get_gcache_memory(); + $mycalc{'pct_max_used_memory'} = + percentage( $mycalc{'max_used_memory'}, $physical_memory ); + +# Total possible memory is memory needed by MySQL based on max_connections +# This is the max memory MySQL can theoretically used if all connections allowed has opened by mysql + $mycalc{'max_peak_memory'} = + $mycalc{'server_buffers'} + + $mycalc{'total_per_thread_buffers'} + + get_pf_memory(); + + # + get_gcache_memory(); + $mycalc{'pct_max_physical_memory'} = + percentage( $mycalc{'max_peak_memory'}, $physical_memory ); + + debugprint "Max Used Memory: " + . hr_bytes( $mycalc{'max_used_memory'} ) . ""; + debugprint "Max Used Percentage RAM: " + . $mycalc{'pct_max_used_memory'} . "%"; + + debugprint "Max Peak Memory: " + . hr_bytes( $mycalc{'max_peak_memory'} ) . ""; + debugprint "Max Peak Percentage RAM: " + . $mycalc{'pct_max_physical_memory'} . "%"; + + # Slow queries + $mycalc{'pct_slow_queries'} = + int( ( $mystat{'Slow_queries'} / $mystat{'Questions'} ) * 100 ); + + # Connections + $mycalc{'pct_connections_used'} = int( + ( $mystat{'Max_used_connections'} / $myvar{'max_connections'} ) * 100 ); + $mycalc{'pct_connections_used'} = + ( $mycalc{'pct_connections_used'} > 100 ) + ? 100 + : $mycalc{'pct_connections_used'}; + + # Aborted Connections + $mycalc{'pct_connections_aborted'} = + percentage( $mystat{'Aborted_connects'}, $mystat{'Connections'} ); + debugprint "Aborted_connects: " . $mystat{'Aborted_connects'} . ""; + debugprint "Connections: " . $mystat{'Connections'} . ""; + debugprint "pct_connections_aborted: " + . $mycalc{'pct_connections_aborted'} . ""; + + # Key buffers + if ( mysql_version_ge( 4, 1 ) && $myvar{'key_buffer_size'} > 0 ) { + $mycalc{'pct_key_buffer_used'} = sprintf( + "%.1f", + ( + 1 - ( + ( + $mystat{'Key_blocks_unused'} * + $myvar{'key_cache_block_size'} + ) / $myvar{'key_buffer_size'} + ) + ) * 100 + ); + } + else { + $mycalc{'pct_key_buffer_used'} = 0; + } + + if ( $mystat{'Key_read_requests'} > 0 ) { + $mycalc{'pct_keys_from_mem'} = sprintf( + "%.1f", + ( + 100 - ( + ( $mystat{'Key_reads'} / $mystat{'Key_read_requests'} ) * + 100 + ) + ) + ); + } + else { + $mycalc{'pct_keys_from_mem'} = 0; + } + if ( defined $mystat{'Aria_pagecache_read_requests'} + && $mystat{'Aria_pagecache_read_requests'} > 0 ) + { + $mycalc{'pct_aria_keys_from_mem'} = sprintf( + "%.1f", + ( + 100 - ( + ( + $mystat{'Aria_pagecache_reads'} / + $mystat{'Aria_pagecache_read_requests'} + ) * 100 + ) + ) + ); + } + else { + $mycalc{'pct_aria_keys_from_mem'} = 0; + } + + if ( $mystat{'Key_write_requests'} > 0 ) { + $mycalc{'pct_wkeys_from_mem'} = sprintf( "%.1f", + ( ( $mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) + ); + } + else { + $mycalc{'pct_wkeys_from_mem'} = 0; + } + + if ( $doremote eq 0 and !mysql_version_ge(5) ) { + my $size = 0; + $size += (split)[0] + for +`find $myvar{'datadir'} -name "*.MYI" 2>&1 | xargs du -L $duflags 2>&1`; + $mycalc{'total_myisam_indexes'} = $size; + $mycalc{'total_aria_indexes'} = 0; + } + elsif ( mysql_version_ge(5) ) { + $mycalc{'total_myisam_indexes'} = select_one +"SELECT IFNULL(SUM(INDEX_LENGTH),0) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema') AND ENGINE = 'MyISAM';"; + $mycalc{'total_aria_indexes'} = select_one +"SELECT IFNULL(SUM(INDEX_LENGTH),0) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ('information_schema') AND ENGINE = 'Aria';"; + } + if ( defined $mycalc{'total_myisam_indexes'} + and $mycalc{'total_myisam_indexes'} == 0 ) + { + $mycalc{'total_myisam_indexes'} = "fail"; + } + elsif ( defined $mycalc{'total_myisam_indexes'} ) { + chomp( $mycalc{'total_myisam_indexes'} ); + } + if ( defined $mycalc{'total_aria_indexes'} + and $mycalc{'total_aria_indexes'} == 0 ) + { + $mycalc{'total_aria_indexes'} = 1; + } + elsif ( defined $mycalc{'total_aria_indexes'} ) { + chomp( $mycalc{'total_aria_indexes'} ); + } + + # Query cache + if ( mysql_version_ge(8) and mysql_version_le(10) ) { + $mycalc{'query_cache_efficiency'} = 0; + } + elsif ( mysql_version_ge(4) ) { + $mycalc{'query_cache_efficiency'} = sprintf( + "%.1f", + ( + $mystat{'Qcache_hits'} / + ( $mystat{'Com_select'} + $mystat{'Qcache_hits'} ) + ) * 100 + ); + if ( $myvar{'query_cache_size'} ) { + $mycalc{'pct_query_cache_used'} = sprintf( + "%.1f", + 100 - ( + $mystat{'Qcache_free_memory'} / $myvar{'query_cache_size'} + ) * 100 + ); + } + if ( $mystat{'Qcache_lowmem_prunes'} == 0 ) { + $mycalc{'query_cache_prunes_per_day'} = 0; + } + else { + $mycalc{'query_cache_prunes_per_day'} = int( + $mystat{'Qcache_lowmem_prunes'} / ( $mystat{'Uptime'} / 86400 ) + ); + } + } + + # Sorting + $mycalc{'total_sorts'} = $mystat{'Sort_scan'} + $mystat{'Sort_range'}; + if ( $mycalc{'total_sorts'} > 0 ) { + $mycalc{'pct_temp_sort_table'} = int( + ( $mystat{'Sort_merge_passes'} / $mycalc{'total_sorts'} ) * 100 ); + } + + # Joins + $mycalc{'joins_without_indexes'} = + $mystat{'Select_range_check'} + $mystat{'Select_full_join'}; + $mycalc{'joins_without_indexes_per_day'} = + int( $mycalc{'joins_without_indexes'} / ( $mystat{'Uptime'} / 86400 ) ); + + # Temporary tables + if ( $mystat{'Created_tmp_tables'} > 0 ) { + if ( $mystat{'Created_tmp_disk_tables'} > 0 ) { + $mycalc{'pct_temp_disk'} = int( + ( + $mystat{'Created_tmp_disk_tables'} / + $mystat{'Created_tmp_tables'} + ) * 100 + ); + } + else { + $mycalc{'pct_temp_disk'} = 0; + } + } + + # Table cache + if ( $mystat{'Opened_tables'} > 0 ) { + $mycalc{'table_cache_hit_rate'} = + int( $mystat{'Open_tables'} * 100 / $mystat{'Opened_tables'} ); + } + else { + $mycalc{'table_cache_hit_rate'} = 100; + } + + # Open files + if ( $myvar{'open_files_limit'} > 0 ) { + $mycalc{'pct_files_open'} = + int( $mystat{'Open_files'} * 100 / $myvar{'open_files_limit'} ); + } + + # Table locks + if ( $mystat{'Table_locks_immediate'} > 0 ) { + if ( $mystat{'Table_locks_waited'} == 0 ) { + $mycalc{'pct_table_locks_immediate'} = 100; + } + else { + $mycalc{'pct_table_locks_immediate'} = int( + $mystat{'Table_locks_immediate'} * 100 / ( + $mystat{'Table_locks_waited'} + + $mystat{'Table_locks_immediate'} + ) + ); + } + } + + # Thread cache + $mycalc{'thread_cache_hit_rate'} = + int( 100 - + ( ( $mystat{'Threads_created'} / $mystat{'Connections'} ) * 100 ) ); + + # Other + if ( $mystat{'Connections'} > 0 ) { + $mycalc{'pct_aborted_connections'} = + int( ( $mystat{'Aborted_connects'} / $mystat{'Connections'} ) * 100 ); + } + if ( $mystat{'Questions'} > 0 ) { + $mycalc{'total_reads'} = $mystat{'Com_select'}; + $mycalc{'total_writes'} = + $mystat{'Com_delete'} + + $mystat{'Com_insert'} + + $mystat{'Com_update'} + + $mystat{'Com_replace'}; + if ( $mycalc{'total_reads'} == 0 ) { + $mycalc{'pct_reads'} = 0; + $mycalc{'pct_writes'} = 100; + } + else { + $mycalc{'pct_reads'} = int( + ( + $mycalc{'total_reads'} / + ( $mycalc{'total_reads'} + $mycalc{'total_writes'} ) + ) * 100 + ); + $mycalc{'pct_writes'} = 100 - $mycalc{'pct_reads'}; + } + } + + # InnoDB + if ( $myvar{'have_innodb'} eq "YES" ) { + $mycalc{'innodb_log_size_pct'} = + ( $myvar{'innodb_log_file_size'} * + $myvar{'innodb_log_files_in_group'} * 100 / + $myvar{'innodb_buffer_pool_size'} ); + } + + # InnoDB Buffer pool read cache efficiency + ( + $mystat{'Innodb_buffer_pool_read_requests'}, + $mystat{'Innodb_buffer_pool_reads'} + ) + = ( 1, 1 ) + unless defined $mystat{'Innodb_buffer_pool_reads'}; + $mycalc{'pct_read_efficiency'} = percentage( + ( + $mystat{'Innodb_buffer_pool_read_requests'} - + $mystat{'Innodb_buffer_pool_reads'} + ), + $mystat{'Innodb_buffer_pool_read_requests'} + ) if defined $mystat{'Innodb_buffer_pool_read_requests'}; + debugprint "pct_read_efficiency: " . $mycalc{'pct_read_efficiency'} . ""; + debugprint "Innodb_buffer_pool_reads: " + . $mystat{'Innodb_buffer_pool_reads'} . ""; + debugprint "Innodb_buffer_pool_read_requests: " + . $mystat{'Innodb_buffer_pool_read_requests'} . ""; + + # InnoDB log write cache efficiency + ( $mystat{'Innodb_log_write_requests'}, $mystat{'Innodb_log_writes'} ) = + ( 1, 1 ) + unless defined $mystat{'Innodb_log_writes'}; + $mycalc{'pct_write_efficiency'} = percentage( + ( $mystat{'Innodb_log_write_requests'} - $mystat{'Innodb_log_writes'} ), + $mystat{'Innodb_log_write_requests'} + ) if defined $mystat{'Innodb_log_write_requests'}; + debugprint "pct_write_efficiency: " . $mycalc{'pct_write_efficiency'} . ""; + debugprint "Innodb_log_writes: " . $mystat{'Innodb_log_writes'} . ""; + debugprint "Innodb_log_write_requests: " + . $mystat{'Innodb_log_write_requests'} . ""; + $mycalc{'pct_innodb_buffer_used'} = percentage( + ( + $mystat{'Innodb_buffer_pool_pages_total'} - + $mystat{'Innodb_buffer_pool_pages_free'} + ), + $mystat{'Innodb_buffer_pool_pages_total'} + ) if defined $mystat{'Innodb_buffer_pool_pages_total'}; + + # Binlog Cache + if ( $myvar{'log_bin'} ne 'OFF' ) { + $mycalc{'pct_binlog_cache'} = percentage( + $mystat{'Binlog_cache_use'} - $mystat{'Binlog_cache_disk_use'}, + $mystat{'Binlog_cache_use'} ); + } +} + +sub mysql_stats { + subheaderprint "Performance Metrics"; + + # Show uptime, queries per second, connections, traffic stats + my $qps; + if ( $mystat{'Uptime'} > 0 ) { + $qps = sprintf( "%.3f", $mystat{'Questions'} / $mystat{'Uptime'} ); + } + push( @generalrec, +"MySQL was started within the last 24 hours - recommendations may be inaccurate" + ) if ( $mystat{'Uptime'} < 86400 ); + infoprint "Up for: " + . pretty_uptime( $mystat{'Uptime'} ) . " (" + . hr_num( $mystat{'Questions'} ) . " q [" + . hr_num($qps) + . " qps], " + . hr_num( $mystat{'Connections'} ) + . " conn," . " TX: " + . hr_bytes_rnd( $mystat{'Bytes_sent'} ) + . ", RX: " + . hr_bytes_rnd( $mystat{'Bytes_received'} ) . ")"; + infoprint "Reads / Writes: " + . $mycalc{'pct_reads'} . "% / " + . $mycalc{'pct_writes'} . "%"; + + # Binlog Cache + if ( $myvar{'log_bin'} eq 'OFF' ) { + infoprint "Binary logging is disabled"; + } + else { + infoprint "Binary logging is enabled (GTID MODE: " + . ( defined( $myvar{'gtid_mode'} ) ? $myvar{'gtid_mode'} : "OFF" ) + . ")"; + } + + # Memory usage + infoprint "Physical Memory : " . hr_bytes($physical_memory); + infoprint "Max MySQL memory : " . hr_bytes( $mycalc{'max_peak_memory'} ); + infoprint "Other process memory: " . hr_bytes( get_other_process_memory() ); + + infoprint "Total buffers: " + . hr_bytes( $mycalc{'server_buffers'} ) + . " global + " + . hr_bytes( $mycalc{'per_thread_buffers'} ) + . " per thread ($myvar{'max_connections'} max threads)"; + infoprint "P_S Max memory usage: " . hr_bytes_rnd( get_pf_memory() ); + $result{'P_S'}{'memory'} = get_pf_memory(); + $result{'P_S'}{'pretty_memory'} = + hr_bytes_rnd( get_pf_memory() ); + infoprint "Galera GCache Max memory usage: " + . hr_bytes_rnd( get_gcache_memory() ); + $result{'Galera'}{'GCache'}{'memory'} = get_gcache_memory(); + $result{'Galera'}{'GCache'}{'pretty_memory'} = + hr_bytes_rnd( get_gcache_memory() ); + + if ( $opt{buffers} ne 0 ) { + infoprint "Global Buffers"; + infoprint " +-- Key Buffer: " + . hr_bytes( $myvar{'key_buffer_size'} ) . ""; + infoprint " +-- Max Tmp Table: " + . hr_bytes( $mycalc{'max_tmp_table_size'} ) . ""; + + if ( defined $myvar{'query_cache_type'} ) { + infoprint "Query Cache Buffers"; + infoprint " +-- Query Cache: " + . $myvar{'query_cache_type'} . " - " + . ( + $myvar{'query_cache_type'} eq 0 | + $myvar{'query_cache_type'} eq 'OFF' ? "DISABLED" + : ( + $myvar{'query_cache_type'} eq 1 ? "ALL REQUESTS" + : "ON DEMAND" + ) + ) . ""; + infoprint " +-- Query Cache Size: " + . hr_bytes( $myvar{'query_cache_size'} ) . ""; + } + + infoprint "Per Thread Buffers"; + infoprint " +-- Read Buffer: " + . hr_bytes( $myvar{'read_buffer_size'} ) . ""; + infoprint " +-- Read RND Buffer: " + . hr_bytes( $myvar{'read_rnd_buffer_size'} ) . ""; + infoprint " +-- Sort Buffer: " + . hr_bytes( $myvar{'sort_buffer_size'} ) . ""; + infoprint " +-- Thread stack: " + . hr_bytes( $myvar{'thread_stack'} ) . ""; + infoprint " +-- Join Buffer: " + . hr_bytes( $myvar{'join_buffer_size'} ) . ""; + if ( $myvar{'log_bin'} ne 'OFF' ) { + infoprint "Binlog Cache Buffers"; + infoprint " +-- Binlog Cache: " + . hr_bytes( $myvar{'binlog_cache_size'} ) . ""; + } + } + + if ( $arch + && $arch == 32 + && $mycalc{'max_used_memory'} > 2 * 1024 * 1024 * 1024 ) + { + badprint + "Allocating > 2GB RAM on 32-bit systems can cause system instability"; + badprint "Maximum reached memory usage: " + . hr_bytes( $mycalc{'max_used_memory'} ) + . " ($mycalc{'pct_max_used_memory'}% of installed RAM)"; + } + elsif ( $mycalc{'pct_max_used_memory'} > 85 ) { + badprint "Maximum reached memory usage: " + . hr_bytes( $mycalc{'max_used_memory'} ) + . " ($mycalc{'pct_max_used_memory'}% of installed RAM)"; + } + else { + goodprint "Maximum reached memory usage: " + . hr_bytes( $mycalc{'max_used_memory'} ) + . " ($mycalc{'pct_max_used_memory'}% of installed RAM)"; + } + + if ( $mycalc{'pct_max_physical_memory'} > 85 ) { + badprint "Maximum possible memory usage: " + . hr_bytes( $mycalc{'max_peak_memory'} ) + . " ($mycalc{'pct_max_physical_memory'}% of installed RAM)"; + push( @generalrec, + "Reduce your overall MySQL memory footprint for system stability" ); + } + else { + goodprint "Maximum possible memory usage: " + . hr_bytes( $mycalc{'max_peak_memory'} ) + . " ($mycalc{'pct_max_physical_memory'}% of installed RAM)"; + } + + if ( $physical_memory < + ( $mycalc{'max_peak_memory'} + get_other_process_memory() ) ) + { + badprint + "Overall possible memory usage with other process exceeded memory"; + push( @generalrec, + "Dedicate this server to your database for highest performance." ); + } + else { + goodprint +"Overall possible memory usage with other process is compatible with memory available"; + } + + # Slow queries + if ( $mycalc{'pct_slow_queries'} > 5 ) { + badprint "Slow queries: $mycalc{'pct_slow_queries'}% (" + . hr_num( $mystat{'Slow_queries'} ) . "/" + . hr_num( $mystat{'Questions'} ) . ")"; + } + else { + goodprint "Slow queries: $mycalc{'pct_slow_queries'}% (" + . hr_num( $mystat{'Slow_queries'} ) . "/" + . hr_num( $mystat{'Questions'} ) . ")"; + } + if ( $myvar{'long_query_time'} > 10 ) { + push( @adjvars, "long_query_time (<= 10)" ); + } + if ( defined( $myvar{'log_slow_queries'} ) ) { + if ( $myvar{'log_slow_queries'} eq "OFF" ) { + push( @generalrec, + "Enable the slow query log to troubleshoot bad queries" ); + } + } + + # Connections + if ( $mycalc{'pct_connections_used'} > 85 ) { + badprint +"Highest connection usage: $mycalc{'pct_connections_used'}% ($mystat{'Max_used_connections'}/$myvar{'max_connections'})"; + push( @adjvars, + "max_connections (> " . $myvar{'max_connections'} . ")" ); + push( @adjvars, + "wait_timeout (< " . $myvar{'wait_timeout'} . ")", + "interactive_timeout (< " . $myvar{'interactive_timeout'} . ")" ); + push( @generalrec, +"Reduce or eliminate persistent connections to reduce connection usage" + ); + } + else { + goodprint +"Highest usage of available connections: $mycalc{'pct_connections_used'}% ($mystat{'Max_used_connections'}/$myvar{'max_connections'})"; + } + + # Aborted Connections + if ( $mycalc{'pct_connections_aborted'} > 3 ) { + badprint +"Aborted connections: $mycalc{'pct_connections_aborted'}% ($mystat{'Aborted_connects'}/$mystat{'Connections'})"; + push( @generalrec, + "Reduce or eliminate unclosed connections and network issues" ); + } + else { + goodprint +"Aborted connections: $mycalc{'pct_connections_aborted'}% ($mystat{'Aborted_connects'}/$mystat{'Connections'})"; + } + + # name resolution + if ( defined( $result{'Variables'}{'skip_networking'} ) + && $result{'Variables'}{'skip_networking'} eq 'ON' ) + { + infoprint +"Skipped name resolution test due to skip_networking=ON in system variables."; + } + elsif ( not defined( $result{'Variables'}{'skip_name_resolve'} ) ) { + infoprint +"Skipped name resolution test due to missing skip_name_resolve in system variables."; + } + elsif ( $result{'Variables'}{'skip_name_resolve'} eq 'OFF' ) { + badprint +"name resolution is active : a reverse name resolution is made for each new connection and can reduce performance"; + push( @generalrec, +"Configure your accounts with ip or subnets only, then update your configuration with skip-name-resolve=1" + ); + } + + # Query cache + if ( !mysql_version_ge(4) ) { + + # MySQL versions < 4.01 don't support query caching + push( @generalrec, + "Upgrade MySQL to version 4+ to utilize query caching" ); + } + elsif ( mysql_version_eq(8) ) { + infoprint "Query cache have been removed in MySQL 8"; + + #return; + } + elsif ( $myvar{'query_cache_size'} < 1 + and $myvar{'query_cache_type'} eq "OFF" ) + { + goodprint +"Query cache is disabled by default due to mutex contention on multiprocessor machines."; + } + elsif ( $mystat{'Com_select'} == 0 ) { + badprint + "Query cache cannot be analyzed - no SELECT statements executed"; + } + else { + badprint + "Query cache may be disabled by default due to mutex contention."; + push( @adjvars, "query_cache_size (=0)" ); + push( @adjvars, "query_cache_type (=0)" ); + if ( $mycalc{'query_cache_efficiency'} < 20 ) { + badprint + "Query cache efficiency: $mycalc{'query_cache_efficiency'}% (" + . hr_num( $mystat{'Qcache_hits'} ) + . " cached / " + . hr_num( $mystat{'Qcache_hits'} + $mystat{'Com_select'} ) + . " selects)"; + push( @adjvars, + "query_cache_limit (> " + . hr_bytes_rnd( $myvar{'query_cache_limit'} ) + . ", or use smaller result sets)" ); + } + else { + goodprint + "Query cache efficiency: $mycalc{'query_cache_efficiency'}% (" + . hr_num( $mystat{'Qcache_hits'} ) + . " cached / " + . hr_num( $mystat{'Qcache_hits'} + $mystat{'Com_select'} ) + . " selects)"; + } + if ( $mycalc{'query_cache_prunes_per_day'} > 98 ) { + badprint +"Query cache prunes per day: $mycalc{'query_cache_prunes_per_day'}"; + if ( $myvar{'query_cache_size'} >= 128 * 1024 * 1024 ) { + push( @generalrec, +"Increasing the query_cache size over 128M may reduce performance" + ); + push( @adjvars, + "query_cache_size (> " + . hr_bytes_rnd( $myvar{'query_cache_size'} ) + . ") [see warning above]" ); + } + else { + push( @adjvars, + "query_cache_size (> " + . hr_bytes_rnd( $myvar{'query_cache_size'} ) + . ")" ); + } + } + else { + goodprint +"Query cache prunes per day: $mycalc{'query_cache_prunes_per_day'}"; + } + } + + # Sorting + if ( $mycalc{'total_sorts'} == 0 ) { + goodprint "No Sort requiring temporary tables"; + } + elsif ( $mycalc{'pct_temp_sort_table'} > 10 ) { + badprint + "Sorts requiring temporary tables: $mycalc{'pct_temp_sort_table'}% (" + . hr_num( $mystat{'Sort_merge_passes'} ) + . " temp sorts / " + . hr_num( $mycalc{'total_sorts'} ) + . " sorts)"; + push( @adjvars, + "sort_buffer_size (> " + . hr_bytes_rnd( $myvar{'sort_buffer_size'} ) + . ")" ); + push( @adjvars, + "read_rnd_buffer_size (> " + . hr_bytes_rnd( $myvar{'read_rnd_buffer_size'} ) + . ")" ); + } + else { + goodprint + "Sorts requiring temporary tables: $mycalc{'pct_temp_sort_table'}% (" + . hr_num( $mystat{'Sort_merge_passes'} ) + . " temp sorts / " + . hr_num( $mycalc{'total_sorts'} ) + . " sorts)"; + } + + # Joins + if ( $mycalc{'joins_without_indexes_per_day'} > 250 ) { + badprint + "Joins performed without indexes: $mycalc{'joins_without_indexes'}"; + push( @adjvars, + "join_buffer_size (> " + . hr_bytes( $myvar{'join_buffer_size'} ) + . ", or always use indexes with JOINs)" ); + push( @generalrec, + "Adjust your join queries to always utilize indexes" ); + } + else { + goodprint "No joins without indexes"; + + # No joins have run without indexes + } + + # Temporary tables + if ( $mystat{'Created_tmp_tables'} > 0 ) { + if ( $mycalc{'pct_temp_disk'} > 25 + && $mycalc{'max_tmp_table_size'} < 256 * 1024 * 1024 ) + { + badprint + "Temporary tables created on disk: $mycalc{'pct_temp_disk'}% (" + . hr_num( $mystat{'Created_tmp_disk_tables'} ) + . " on disk / " + . hr_num( $mystat{'Created_tmp_tables'} ) + . " total)"; + push( @adjvars, + "tmp_table_size (> " + . hr_bytes_rnd( $myvar{'tmp_table_size'} ) + . ")" ); + push( @adjvars, + "max_heap_table_size (> " + . hr_bytes_rnd( $myvar{'max_heap_table_size'} ) + . ")" ); + push( @generalrec, +"When making adjustments, make tmp_table_size/max_heap_table_size equal" + ); + push( @generalrec, + "Reduce your SELECT DISTINCT queries which have no LIMIT clause" + ); + } + elsif ($mycalc{'pct_temp_disk'} > 25 + && $mycalc{'max_tmp_table_size'} >= 256 * 1024 * 1024 ) + { + badprint + "Temporary tables created on disk: $mycalc{'pct_temp_disk'}% (" + . hr_num( $mystat{'Created_tmp_disk_tables'} ) + . " on disk / " + . hr_num( $mystat{'Created_tmp_tables'} ) + . " total)"; + push( @generalrec, + "Temporary table size is already large - reduce result set size" + ); + push( @generalrec, + "Reduce your SELECT DISTINCT queries without LIMIT clauses" ); + } + else { + goodprint + "Temporary tables created on disk: $mycalc{'pct_temp_disk'}% (" + . hr_num( $mystat{'Created_tmp_disk_tables'} ) + . " on disk / " + . hr_num( $mystat{'Created_tmp_tables'} ) + . " total)"; + } + } + else { + goodprint "No tmp tables created on disk"; + } + + # Thread cache + if ( defined( $myvar{'thread_handling'} ) + and $myvar{'thread_handling'} eq 'pool-of-threads' ) + { + # https://www.percona.com/doc/percona-server/LATEST/performance/threadpool.html + # When thread pool is enabled, the value of the thread_cache_size variable + # is ignored. The Threads_cached status variable contains 0 in this case. + infoprint "Thread cache not used with thread_handling=pool-of-threads"; + } + else { + if ( $myvar{'thread_cache_size'} eq 0 ) { + badprint "Thread cache is disabled"; + push( @generalrec, + "Set thread_cache_size to 4 as a starting value" ); + push( @adjvars, "thread_cache_size (start at 4)" ); + } + else { + if ( $mycalc{'thread_cache_hit_rate'} <= 50 ) { + badprint + "Thread cache hit rate: $mycalc{'thread_cache_hit_rate'}% (" + . hr_num( $mystat{'Threads_created'} ) + . " created / " + . hr_num( $mystat{'Connections'} ) + . " connections)"; + push( @adjvars, + "thread_cache_size (> $myvar{'thread_cache_size'})" ); + } + else { + goodprint + "Thread cache hit rate: $mycalc{'thread_cache_hit_rate'}% (" + . hr_num( $mystat{'Threads_created'} ) + . " created / " + . hr_num( $mystat{'Connections'} ) + . " connections)"; + } + } + } + + # Table cache + my $table_cache_var = ""; + if ( $mystat{'Open_tables'} > 0 ) { + if ( $mycalc{'table_cache_hit_rate'} < 20 ) { + badprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" + . hr_num( $mystat{'Open_tables'} ) + . " open / " + . hr_num( $mystat{'Opened_tables'} ) + . " opened)"; + if ( mysql_version_ge( 5, 1 ) ) { + $table_cache_var = "table_open_cache"; + } + else { + $table_cache_var = "table_cache"; + } + + push( @adjvars, + $table_cache_var . " (> " . $myvar{$table_cache_var} . ")" ); + push( @generalrec, + "Increase " + . $table_cache_var + . " gradually to avoid file descriptor limits" ); + push( @generalrec, + "Read this before increasing " + . $table_cache_var + . " over 64: https://bit.ly/1mi7c4C" ); + push( @generalrec, + "Read this before increasing for MariaDB" + . " https://mariadb.com/kb/en/library/optimizing-table_open_cache/" + ); + push( @generalrec, +"This is MyISAM only table_cache scalability problem, InnoDB not affected." + ); + push( @generalrec, + "See more details here: https://bugs.mysql.com/bug.php?id=49177" + ); + push( @generalrec, +"This bug already fixed in MySQL 5.7.9 and newer MySQL versions." + ); + push( @generalrec, + "Beware that open_files_limit (" + . $myvar{'open_files_limit'} + . ") variable " ); + push( @generalrec, + "should be greater than $table_cache_var (" + . $myvar{$table_cache_var} + . ")" ); + } + else { + goodprint "Table cache hit rate: $mycalc{'table_cache_hit_rate'}% (" + . hr_num( $mystat{'Open_tables'} ) + . " open / " + . hr_num( $mystat{'Opened_tables'} ) + . " opened)"; + } + } + + # Open files + if ( defined $mycalc{'pct_files_open'} ) { + if ( $mycalc{'pct_files_open'} > 85 ) { + badprint "Open file limit used: $mycalc{'pct_files_open'}% (" + . hr_num( $mystat{'Open_files'} ) . "/" + . hr_num( $myvar{'open_files_limit'} ) . ")"; + push( @adjvars, + "open_files_limit (> " . $myvar{'open_files_limit'} . ")" ); + } + else { + goodprint "Open file limit used: $mycalc{'pct_files_open'}% (" + . hr_num( $mystat{'Open_files'} ) . "/" + . hr_num( $myvar{'open_files_limit'} ) . ")"; + } + } + + # Table locks + if ( defined $mycalc{'pct_table_locks_immediate'} ) { + if ( $mycalc{'pct_table_locks_immediate'} < 95 ) { + badprint +"Table locks acquired immediately: $mycalc{'pct_table_locks_immediate'}%"; + push( @generalrec, + "Optimize queries and/or use InnoDB to reduce lock wait" ); + } + else { + goodprint +"Table locks acquired immediately: $mycalc{'pct_table_locks_immediate'}% (" + . hr_num( $mystat{'Table_locks_immediate'} ) + . " immediate / " + . hr_num( $mystat{'Table_locks_waited'} + + $mystat{'Table_locks_immediate'} ) + . " locks)"; + } + } + + # Binlog cache + if ( defined $mycalc{'pct_binlog_cache'} ) { + if ( $mycalc{'pct_binlog_cache'} < 90 + && $mystat{'Binlog_cache_use'} > 0 ) + { + badprint "Binlog cache memory access: " + . $mycalc{'pct_binlog_cache'} . "% (" + . ( + $mystat{'Binlog_cache_use'} - $mystat{'Binlog_cache_disk_use'} ) + . " Memory / " + . $mystat{'Binlog_cache_use'} + . " Total)"; + push( @generalrec, + "Increase binlog_cache_size (Actual value: " + . $myvar{'binlog_cache_size'} + . ")" ); + push( @adjvars, + "binlog_cache_size (" + . hr_bytes( $myvar{'binlog_cache_size'} + 16 * 1024 * 1024 ) + . ")" ); + } + else { + goodprint "Binlog cache memory access: " + . $mycalc{'pct_binlog_cache'} . "% (" + . ( + $mystat{'Binlog_cache_use'} - $mystat{'Binlog_cache_disk_use'} ) + . " Memory / " + . $mystat{'Binlog_cache_use'} + . " Total)"; + debugprint "Not enough data to validate binlog cache size\n" + if $mystat{'Binlog_cache_use'} < 10; + } + } + + # Performance options + if ( !mysql_version_ge( 5, 1 ) ) { + push( @generalrec, "Upgrade to MySQL 5.5+ to use asynchronous write" ); + } + elsif ( $myvar{'concurrent_insert'} eq "OFF" ) { + push( @generalrec, "Enable concurrent_insert by setting it to 'ON'" ); + } + elsif ( $myvar{'concurrent_insert'} eq 0 ) { + push( @generalrec, "Enable concurrent_insert by setting it to 1" ); + } +} + +# Recommendations for MyISAM +sub mysql_myisam { + subheaderprint "MyISAM Metrics"; + + # Key buffer usage + if ( defined( $mycalc{'pct_key_buffer_used'} ) ) { + if ( $mycalc{'pct_key_buffer_used'} < 90 ) { + badprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" + . hr_num( $myvar{'key_buffer_size'} * + $mycalc{'pct_key_buffer_used'} / + 100 ) + . " used / " + . hr_num( $myvar{'key_buffer_size'} ) + . " cache)"; + +#push(@adjvars,"key_buffer_size (\~ ".hr_num( $myvar{'key_buffer_size'} * $mycalc{'pct_key_buffer_used'} / 100).")"); + } + else { + goodprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" + . hr_num( $myvar{'key_buffer_size'} * + $mycalc{'pct_key_buffer_used'} / + 100 ) + . " used / " + . hr_num( $myvar{'key_buffer_size'} ) + . " cache)"; + } + } + else { + + # No queries have run that would use keys + debugprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" + . hr_num( + $myvar{'key_buffer_size'} * $mycalc{'pct_key_buffer_used'} / 100 ) + . " used / " + . hr_num( $myvar{'key_buffer_size'} ) + . " cache)"; + } + + # Key buffer + if ( !defined( $mycalc{'total_myisam_indexes'} ) and $doremote == 1 ) { + push( @generalrec, + "Unable to calculate MyISAM indexes on remote MySQL server < 5.0.0" + ); + } + elsif ( $mycalc{'total_myisam_indexes'} =~ /^fail$/ ) { + badprint + "Cannot calculate MyISAM index size - re-run script as root user"; + } + elsif ( $mycalc{'total_myisam_indexes'} == "0" ) { + badprint + "None of your MyISAM tables are indexed - add indexes immediately"; + } + else { + if ( $myvar{'key_buffer_size'} < $mycalc{'total_myisam_indexes'} + && $mycalc{'pct_keys_from_mem'} < 95 ) + { + badprint "Key buffer size / total MyISAM indexes: " + . hr_bytes( $myvar{'key_buffer_size'} ) . "/" + . hr_bytes( $mycalc{'total_myisam_indexes'} ) . ""; + push( @adjvars, + "key_buffer_size (> " + . hr_bytes( $mycalc{'total_myisam_indexes'} ) + . ")" ); + } + else { + goodprint "Key buffer size / total MyISAM indexes: " + . hr_bytes( $myvar{'key_buffer_size'} ) . "/" + . hr_bytes( $mycalc{'total_myisam_indexes'} ) . ""; + } + if ( $mystat{'Key_read_requests'} > 0 ) { + if ( $mycalc{'pct_keys_from_mem'} < 95 ) { + badprint + "Read Key buffer hit rate: $mycalc{'pct_keys_from_mem'}% (" + . hr_num( $mystat{'Key_read_requests'} ) + . " cached / " + . hr_num( $mystat{'Key_reads'} ) + . " reads)"; + } + else { + goodprint + "Read Key buffer hit rate: $mycalc{'pct_keys_from_mem'}% (" + . hr_num( $mystat{'Key_read_requests'} ) + . " cached / " + . hr_num( $mystat{'Key_reads'} ) + . " reads)"; + } + } + else { + + # No queries have run that would use keys + debugprint "Key buffer size / total MyISAM indexes: " + . hr_bytes( $myvar{'key_buffer_size'} ) . "/" + . hr_bytes( $mycalc{'total_myisam_indexes'} ) . ""; + } + if ( $mystat{'Key_write_requests'} > 0 ) { + if ( $mycalc{'pct_wkeys_from_mem'} < 95 ) { + badprint + "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" + . hr_num( $mystat{'Key_write_requests'} ) + . " cached / " + . hr_num( $mystat{'Key_writes'} ) + . " writes)"; + } + else { + goodprint + "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" + . hr_num( $mystat{'Key_write_requests'} ) + . " cached / " + . hr_num( $mystat{'Key_writes'} ) + . " writes)"; + } + } + else { + + # No queries have run that would use keys + debugprint + "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" + . hr_num( $mystat{'Key_write_requests'} ) + . " cached / " + . hr_num( $mystat{'Key_writes'} ) + . " writes)"; + } + } +} + +# Recommendations for ThreadPool +sub mariadb_threadpool { + subheaderprint "ThreadPool Metrics"; + + # AriaDB + unless ( defined $myvar{'have_threadpool'} + && $myvar{'have_threadpool'} eq "YES" ) + { + infoprint "ThreadPool stat is disabled."; + return; + } + infoprint "ThreadPool stat is enabled."; + infoprint "Thread Pool Size: " . $myvar{'thread_pool_size'} . " thread(s)."; + + if ( $myvar{'version'} =~ /mariadb|percona/i ) { + infoprint "Using default value is good enough for your version (" + . $myvar{'version'} . ")"; + return; + } + + if ( $myvar{'have_innodb'} eq 'YES' ) { + if ( $myvar{'thread_pool_size'} < 16 + or $myvar{'thread_pool_size'} > 36 ) + { + badprint +"thread_pool_size between 16 and 36 when using InnoDB storage engine."; + push( @generalrec, + "Thread pool size for InnoDB usage (" + . $myvar{'thread_pool_size'} + . ")" ); + push( @adjvars, + "thread_pool_size between 16 and 36 for InnoDB usage" ); + } + else { + goodprint +"thread_pool_size between 16 and 36 when using InnoDB storage engine."; + } + return; + } + if ( $myvar{'have_isam'} eq 'YES' ) { + if ( $myvar{'thread_pool_size'} < 4 or $myvar{'thread_pool_size'} > 8 ) + { + badprint +"thread_pool_size between 4 and 8 when using MyIsam storage engine."; + push( @generalrec, + "Thread pool size for MyIsam usage (" + . $myvar{'thread_pool_size'} + . ")" ); + push( @adjvars, + "thread_pool_size between 4 and 8 for MyIsam usage" ); + } + else { + goodprint +"thread_pool_size between 4 and 8 when using MyISAM storage engine."; + } + } +} + +sub get_pf_memory { + + # Performance Schema + return 0 unless defined $myvar{'performance_schema'}; + return 0 if $myvar{'performance_schema'} eq 'OFF'; + + my @infoPFSMemory = grep /performance_schema.memory/, + select_array("SHOW ENGINE PERFORMANCE_SCHEMA STATUS"); + return 0 if scalar(@infoPFSMemory) == 0; + $infoPFSMemory[0] =~ s/.*\s+(\d+)$/$1/g; + return $infoPFSMemory[0]; +} + +# Recommendations for Performance Schema +sub mysqsl_pfs { + subheaderprint "Performance schema"; + + # Performance Schema + $myvar{'performance_schema'} = 'OFF' + unless defined( $myvar{'performance_schema'} ); + unless ( $myvar{'performance_schema'} eq 'ON' ) { + infoprint "Performance schema is disabled."; + if ( mysql_version_ge( 5, 6 ) ) { + push( @generalrec, + "Performance schema should be activated for better diagnostics" + ); + push( @adjvars, "performance_schema = ON enable PFS" ); + } + } + else { + if ( mysql_version_le( 5, 5 ) ) { + push( @generalrec, +"Performance schema shouldn't be activated for MySQL and MariaDB 5.5 and lower version" + ); + push( @adjvars, "performance_schema = OFF disable PFS" ); + } + } + debugprint "Performance schema is " . $myvar{'performance_schema'}; + infoprint "Memory used by P_S: " . hr_bytes( get_pf_memory() ); + + if ( mysql_version_eq( 10, 0 ) ) { + push( @generalrec, +"Performance schema shouldn't be activated for MariaDB 10.0 for performance issue" + ); + push( @adjvars, "performance_schema = OFF disable PFS" ); + return; + } + unless ( grep /^sys$/, select_array("SHOW DATABASES") ) { + infoprint "Sys schema isn't installed."; + push( @generalrec, +"Consider installing Sys schema from https://github.com/mysql/mysql-sys for MySQL" + ) unless ( mysql_version_le( 5, 6 ) ); + push( @generalrec, +"Consider installing Sys schema from https://github.com/good-dba/mariadb-sys for MariaDB" + ) unless ( mysql_version_eq( 10, 0 ) or mysql_version_eq( 5, 5 ) ); + + return; + } + else { + infoprint "Sys schema is installed."; + } + return if ( $opt{pfstat} == 0 or $myvar{'performance_schema'} ne 'ON' ); + + infoprint "Sys schema Version: " + . select_one("select sys_version from sys.version"); + + # Top user per connection + subheaderprint "Performance schema: Top 5 user per connection"; + my $nbL = 1; + for my $lQuery ( + select_array( +'select user, total_connections from sys.user_summary order by total_connections desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery conn(s)"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top user per statement + subheaderprint "Performance schema: Top 5 user per statement"; + $nbL = 1; + for my $lQuery ( + select_array( +'select user, statements from sys.user_summary order by statements desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery stmt(s)"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top user per statement latency + subheaderprint "Performance schema: Top 5 user per statement latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select user, statement_avg_latency from sys.x\\$user_summary order by statement_avg_latency desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top user per lock latency + subheaderprint "Performance schema: Top 5 user per lock latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select user, lock_latency from sys.x\\$user_summary_by_statement_latency order by lock_latency desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top user per full scans + subheaderprint "Performance schema: Top 5 user per nb full scans"; + $nbL = 1; + for my $lQuery ( + select_array( +'select user, full_scans from sys.x\\$user_summary_by_statement_latency order by full_scans desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top user per row_sent + subheaderprint "Performance schema: Top 5 user per rows sent"; + $nbL = 1; + for my $lQuery ( + select_array( +'select user, rows_sent from sys.x\\$user_summary_by_statement_latency order by rows_sent desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top user per row modified + subheaderprint "Performance schema: Top 5 user per rows modified"; + $nbL = 1; + for my $lQuery ( + select_array( +'select user, rows_affected from sys.x\\$user_summary_by_statement_latency order by rows_affected desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top user per io + subheaderprint "Performance schema: Top 5 user per io"; + $nbL = 1; + for my $lQuery ( + select_array( +'select user, file_ios from sys.x\\$user_summary order by file_ios desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top user per io latency + subheaderprint "Performance schema: Top 5 user per io latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select user, file_io_latency from sys.x\\$user_summary order by file_io_latency desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top host per connection + subheaderprint "Performance schema: Top 5 host per connection"; + $nbL = 1; + for my $lQuery ( + select_array( +'select host, total_connections from sys.x\\$host_summary order by total_connections desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery conn(s)"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top host per statement + subheaderprint "Performance schema: Top 5 host per statement"; + $nbL = 1; + for my $lQuery ( + select_array( +'select host, statements from sys.x\\$host_summary order by statements desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery stmt(s)"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top host per statement latency + subheaderprint "Performance schema: Top 5 host per statement latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select host, statement_avg_latency from sys.x\\$host_summary order by statement_avg_latency desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top host per lock latency + subheaderprint "Performance schema: Top 5 host per lock latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select host, lock_latency from sys.x\\$host_summary_by_statement_latency order by lock_latency desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top host per full scans + subheaderprint "Performance schema: Top 5 host per nb full scans"; + $nbL = 1; + for my $lQuery ( + select_array( +'select host, full_scans from sys.x\\$host_summary_by_statement_latency order by full_scans desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top host per rows sent + subheaderprint "Performance schema: Top 5 host per rows sent"; + $nbL = 1; + for my $lQuery ( + select_array( +'select host, rows_sent from sys.x\\$host_summary_by_statement_latency order by rows_sent desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top host per rows modified + subheaderprint "Performance schema: Top 5 host per rows modified"; + $nbL = 1; + for my $lQuery ( + select_array( +'select host, rows_affected from sys.x\\$host_summary_by_statement_latency order by rows_affected desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top host per io + subheaderprint "Performance schema: Top 5 host per io"; + $nbL = 1; + for my $lQuery ( + select_array( +'select host, file_ios from sys.x\\$host_summary order by file_ios desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top 5 host per io latency + subheaderprint "Performance schema: Top 5 host per io latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select host, file_io_latency from sys.x\\$host_summary order by file_io_latency desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top IO type order by total io + subheaderprint "Performance schema: Top IO type order by total io"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select substring(event_name,14), SUM(total)AS total from sys.x\\$host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY total DESC;' + ) + ) + { + infoprint " +-- $nbL: $lQuery i/o"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top IO type order by total latency + subheaderprint "Performance schema: Top IO type order by total latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select substring(event_name,14), ROUND(SUM(total_latency),1) AS total_latency from sys.x\\$host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY total_latency DESC;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top IO type order by max latency + subheaderprint "Performance schema: Top IO type order by max latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select substring(event_name,14), MAX(max_latency) as max_latency from sys.x\\$host_summary_by_file_io_type GROUP BY substring(event_name,14) ORDER BY max_latency DESC;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top Stages order by total io + subheaderprint "Performance schema: Top Stages order by total io"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select substring(event_name,7), SUM(total)AS total from sys.x\\$host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY total DESC;' + ) + ) + { + infoprint " +-- $nbL: $lQuery i/o"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top Stages order by total latency + subheaderprint "Performance schema: Top Stages order by total latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select substring(event_name,7), ROUND(SUM(total_latency),1) AS total_latency from sys.x\\$host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY total_latency DESC;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top Stages order by avg latency + subheaderprint "Performance schema: Top Stages order by avg latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select substring(event_name,7), MAX(avg_latency) as avg_latency from sys.x\\$host_summary_by_stages GROUP BY substring(event_name,7) ORDER BY avg_latency DESC;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top host per table scans + subheaderprint "Performance schema: Top 5 host per table scans"; + $nbL = 1; + for my $lQuery ( + select_array( +'select host, table_scans from sys.x\\$host_summary order by table_scans desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # InnoDB Buffer Pool by schema + subheaderprint "Performance schema: InnoDB Buffer Pool by schema"; + $nbL = 1; + for my $lQuery ( + select_array( +'select object_schema, allocated, data, pages from sys.x\\$innodb_buffer_stats_by_schema ORDER BY pages DESC' + ) + ) + { + infoprint " +-- $nbL: $lQuery page(s)"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # InnoDB Buffer Pool by table + subheaderprint "Performance schema: InnoDB Buffer Pool by table"; + $nbL = 1; + for my $lQuery ( + select_array( +'select object_schema, object_name, allocated,data, pages from sys.x\\$innodb_buffer_stats_by_table ORDER BY pages DESC' + ) + ) + { + infoprint " +-- $nbL: $lQuery page(s)"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Process per allocated memory + subheaderprint "Performance schema: Process per time"; + $nbL = 1; + for my $lQuery ( + select_array( +'select user, Command AS PROC, time from sys.x\\$processlist ORDER BY time DESC;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # InnoDB Lock Waits + subheaderprint "Performance schema: InnoDB Lock Waits"; + $nbL = 1; + for my $lQuery ( + select_array( +'select wait_age_secs, locked_table, locked_type, waiting_query from sys.x\\$innodb_lock_waits order by wait_age_secs DESC;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Threads IO Latency + subheaderprint "Performance schema: Thread IO Latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select user, total_latency, max_latency from sys.x\\$io_by_thread_by_latency order by total_latency DESC;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # High Cost SQL statements + subheaderprint "Performance schema: Top 5 Most latency statements"; + $nbL = 1; + for my $lQuery ( + select_array( +'select query, avg_latency from sys.x\\$statement_analysis order by avg_latency desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top 5% slower queries + subheaderprint "Performance schema: Top 5 slower queries"; + $nbL = 1; + for my $lQuery ( + select_array( +'select query, exec_count from sys.x\\$statements_with_runtimes_in_95th_percentile order by exec_count desc LIMIT 5' + ) + ) + { + infoprint " +-- $nbL: $lQuery s"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top 10 nb statement type + subheaderprint "Performance schema: Top 10 nb statement type"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select statement, sum(total) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top statement by total latency + subheaderprint "Performance schema: Top statement by total latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select statement, sum(total_latency) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top statement by lock latency + subheaderprint "Performance schema: Top statement by lock latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select statement, sum(lock_latency) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top statement by full scans + subheaderprint "Performance schema: Top statement by full scans"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select statement, sum(full_scans) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top statement by rows sent + subheaderprint "Performance schema: Top statement by rows sent"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select statement, sum(rows_sent) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Top statement by rows modified + subheaderprint "Performance schema: Top statement by rows modified"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select statement, sum(rows_affected) as total from sys.x\\$host_summary_by_statement_type group by statement order by total desc LIMIT 10;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Use temporary tables + subheaderprint "Performance schema: Some queries using temp table"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select query from sys.x\\$statements_with_temp_tables LIMIT 20' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Unused Indexes + subheaderprint "Performance schema: Unused indexes"; + $nbL = 1; + for my $lQuery ( select_array('select * from sys.schema_unused_indexes') ) { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Full table scans + subheaderprint "Performance schema: Tables with full table scans"; + $nbL = 1; + for my $lQuery ( + select_array( +'select * from sys.x\\$schema_tables_with_full_table_scans order by rows_full_scanned DESC' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Latest file IO by latency + subheaderprint "Performance schema: Latest FILE IO by latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select thread, file, latency, operation from sys.x\\$latest_file_io ORDER BY latency LIMIT 10;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # FILE by IO read bytes + subheaderprint "Performance schema: FILE by IO read bytes"; + $nbL = 1; + for my $lQuery ( + select_array( +'select file, total_read from sys.x\\$io_global_by_file_by_bytes order by total_read DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # FILE by IO written bytes + subheaderprint "Performance schema: FILE by IO written bytes"; + $nbL = 1; + for my $lQuery ( + select_array( +'select file, total_written from sys.x\\$io_global_by_file_by_bytes order by total_written DESC LIMIT 15' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # file per IO total latency + subheaderprint "Performance schema: file per IO total latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select file, total_latency from sys.x\\$io_global_by_file_by_latency ORDER BY total_latency DESC LIMIT 20;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # file per IO read latency + subheaderprint "Performance schema: file per IO read latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select file, read_latency from sys.x\\$io_global_by_file_by_latency ORDER BY read_latency DESC LIMIT 20;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # file per IO write latency + subheaderprint "Performance schema: file per IO write latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select file, write_latency from sys.x\\$io_global_by_file_by_latency ORDER BY write_latency DESC LIMIT 20;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Event Wait by read bytes + subheaderprint "Performance schema: Event Wait by read bytes"; + $nbL = 1; + for my $lQuery ( + select_array( +'select event_name, total_read from sys.x\\$io_global_by_wait_by_bytes order by total_read DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Event Wait by write bytes + subheaderprint "Performance schema: Event Wait written bytes"; + $nbL = 1; + for my $lQuery ( + select_array( +'select event_name, total_written from sys.x\\$io_global_by_wait_by_bytes order by total_written DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # event per wait total latency + subheaderprint "Performance schema: event per wait total latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select event_name, total_latency from sys.x\\$io_global_by_wait_by_latency ORDER BY total_latency DESC LIMIT 20;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # event per wait read latency + subheaderprint "Performance schema: event per wait read latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select event_name, read_latency from sys.x\\$io_global_by_wait_by_latency ORDER BY read_latency DESC LIMIT 20;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # event per wait write latency + subheaderprint "Performance schema: event per wait write latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select event_name, write_latency from sys.x\\$io_global_by_wait_by_latency ORDER BY write_latency DESC LIMIT 20;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + #schema_index_statistics + # TOP 15 most read index + subheaderprint "Performance schema: TOP 15 most read indexes"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name,index_name, rows_selected from sys.x\\$schema_index_statistics ORDER BY ROWs_selected DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 most used index + subheaderprint "Performance schema: TOP 15 most modified indexes"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name,index_name, rows_inserted+rows_updated+rows_deleted AS changes from sys.x\\$schema_index_statistics ORDER BY rows_inserted+rows_updated+rows_deleted DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 high read latency index + subheaderprint "Performance schema: TOP 15 high read latency index"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name,index_name, select_latency from sys.x\\$schema_index_statistics ORDER BY select_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 high insert latency index + subheaderprint "Performance schema: TOP 15 most modified indexes"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name,index_name, insert_latency from sys.x\\$schema_index_statistics ORDER BY insert_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 high update latency index + subheaderprint "Performance schema: TOP 15 high update latency index"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name,index_name, update_latency from sys.x\\$schema_index_statistics ORDER BY update_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 high delete latency index + subheaderprint "Performance schema: TOP 15 high delete latency index"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name,index_name, delete_latency from sys.x\\$schema_index_statistics ORDER BY delete_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 most read tables + subheaderprint "Performance schema: TOP 15 most read tables"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name, rows_fetched from sys.x\\$schema_table_statistics ORDER BY ROWs_fetched DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 most used tables + subheaderprint "Performance schema: TOP 15 most modified tables"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name, rows_inserted+rows_updated+rows_deleted AS changes from sys.x\\$schema_table_statistics ORDER BY rows_inserted+rows_updated+rows_deleted DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 high read latency tables + subheaderprint "Performance schema: TOP 15 high read latency tables"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name, fetch_latency from sys.x\\$schema_table_statistics ORDER BY fetch_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 high insert latency tables + subheaderprint "Performance schema: TOP 15 high insert latency tables"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name, insert_latency from sys.x\\$schema_table_statistics ORDER BY insert_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 high update latency tables + subheaderprint "Performance schema: TOP 15 high update latency tables"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name, update_latency from sys.x\\$schema_table_statistics ORDER BY update_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # TOP 15 high delete latency tables + subheaderprint "Performance schema: TOP 15 high delete latency tables"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select table_schema, table_name, delete_latency from sys.x\\$schema_table_statistics ORDER BY delete_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + # Redundant indexes + subheaderprint "Performance schema: Redundant indexes"; + $nbL = 1; + for my $lQuery ( + select_array('use sys;select * from schema_redundant_indexes;') ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: Tables not using InnoDB buffer"; + $nbL = 1; + for my $lQuery ( + select_array( +' Select table_schema, table_name from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: Table not using InnoDB buffer"; + $nbL = 1; + for my $lQuery ( + select_array( +' Select table_schema, table_name from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + subheaderprint "Performance schema: Table not using InnoDB buffer"; + $nbL = 1; + for my $lQuery ( + select_array( +' Select table_schema, table_name from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NULL;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: Top 15 Tables using InnoDB buffer"; + $nbL = 1; + for my $lQuery ( + select_array( +'select table_schema,table_name,innodb_buffer_allocated from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NOT NULL ORDER BY innodb_buffer_allocated DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: Top 15 Tables with InnoDB buffer free"; + $nbL = 1; + for my $lQuery ( + select_array( +'select table_schema,table_name,innodb_buffer_free from sys.x\\$schema_table_statistics_with_buffer where innodb_buffer_allocated IS NOT NULL ORDER BY innodb_buffer_free DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: Top 15 Most executed queries"; + $nbL = 1; + for my $lQuery ( + select_array( +'select db, query, exec_count from sys.x\\$statement_analysis order by exec_count DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint + "Performance schema: Latest SQL queries in errors or warnings"; + $nbL = 1; + for my $lQuery ( + select_array( +'select query, last_seen from sys.x\\$statements_with_errors_or_warnings ORDER BY last_seen LIMIT 100;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: Top 20 queries with full table scans"; + $nbL = 1; + for my $lQuery ( + select_array( +'select db, query, exec_count from sys.x\\$statements_with_full_table_scans order BY exec_count DESC LIMIT 20;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: Last 50 queries with full table scans"; + $nbL = 1; + for my $lQuery ( + select_array( +'select db, query, last_seen from sys.x\\$statements_with_full_table_scans order BY last_seen DESC LIMIT 50;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 15 reader queries (95% percentile)"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query , rows_sent from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY ROWs_sent DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint + "Performance schema: TOP 15 most row look queries (95% percentile)"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query, rows_examined AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY rows_examined DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint + "Performance schema: TOP 15 total latency queries (95% percentile)"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query, total_latency AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY total_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint + "Performance schema: TOP 15 max latency queries (95% percentile)"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query, max_latency AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY max_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint + "Performance schema: TOP 15 average latency queries (95% percentile)"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query, avg_latency AS search from sys.x\\$statements_with_runtimes_in_95th_percentile ORDER BY avg_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: Top 20 queries with sort"; + $nbL = 1; + for my $lQuery ( + select_array( +'select db, query, exec_count from sys.x\\$statements_with_sorting order BY exec_count DESC LIMIT 20;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: Last 50 queries with sort"; + $nbL = 1; + for my $lQuery ( + select_array( +'select db, query, last_seen from sys.x\\$statements_with_sorting order BY last_seen DESC LIMIT 50;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 15 row sorting queries with sort"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query , rows_sorted from sys.x\\$statements_with_sorting ORDER BY ROWs_sorted DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 15 total latency queries with sort"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query, total_latency AS search from sys.x\\$statements_with_sorting ORDER BY total_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 15 merge queries with sort"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query, sort_merge_passes AS search from sys.x\\$statements_with_sorting ORDER BY sort_merge_passes DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint + "Performance schema: TOP 15 average sort merges queries with sort"; + $nbL = 1; + for my $lQuery ( + select_array( +'select db, query, avg_sort_merges AS search from sys.x\\$statements_with_sorting ORDER BY avg_sort_merges DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 15 scans queries with sort"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query, sorts_using_scans AS search from sys.x\\$statements_with_sorting ORDER BY sorts_using_scans DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 15 range queries with sort"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query, sort_using_range AS search from sys.x\\$statements_with_sorting ORDER BY sort_using_range DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + +################################################################################## + + #statements_with_temp_tables + +#mysql> desc statements_with_temp_tables; +#+--------------------------+---------------------+------+-----+---------------------+-------+ +#| Field | Type | Null | Key | Default | Extra | +#+--------------------------+---------------------+------+-----+---------------------+-------+ +#| query | longtext | YES | | NULL | | +#| db | varchar(64) | YES | | NULL | | +#| exec_count | bigint(20) unsigned | NO | | NULL | | +#| total_latency | text | YES | | NULL | | +#| memory_tmp_tables | bigint(20) unsigned | NO | | NULL | | +#| disk_tmp_tables | bigint(20) unsigned | NO | | NULL | | +#| avg_tmp_tables_per_query | decimal(21,0) | NO | | 0 | | +#| tmp_tables_to_disk_pct | decimal(24,0) | NO | | 0 | | +#| first_seen | timestamp | NO | | 0000-00-00 00:00:00 | | +#| last_seen | timestamp | NO | | 0000-00-00 00:00:00 | | +#| digest | varchar(32) | YES | | NULL | | +#+--------------------------+---------------------+------+-----+---------------------+-------+ +#11 rows in set (0,01 sec)# +# + subheaderprint "Performance schema: Top 20 queries with temp table"; + $nbL = 1; + for my $lQuery ( + select_array( +'select db, query, exec_count from sys.x\\$statements_with_temp_tables order BY exec_count DESC LIMIT 20;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: Last 50 queries with temp table"; + $nbL = 1; + for my $lQuery ( + select_array( +'select db, query, last_seen from sys.x\\$statements_with_temp_tables order BY last_seen DESC LIMIT 50;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint + "Performance schema: TOP 15 total latency queries with temp table"; + $nbL = 1; + for my $lQuery ( + select_array( +'select db, query, total_latency AS search from sys.x\\$statements_with_temp_tables ORDER BY total_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 15 queries with temp table to disk"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select db, query, disk_tmp_tables from sys.x\\$statements_with_temp_tables ORDER BY disk_tmp_tables DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + +################################################################################## + #wait_classes_global_by_latency + +#ysql> select * from wait_classes_global_by_latency; +#-----------------+-------+---------------+-------------+-------------+-------------+ +# event_class | total | total_latency | min_latency | avg_latency | max_latency | +#-----------------+-------+---------------+-------------+-------------+-------------+ +# wait/io/file | 15381 | 1.23 s | 0 ps | 80.12 us | 230.64 ms | +# wait/io/table | 59 | 7.57 ms | 5.45 us | 128.24 us | 3.95 ms | +# wait/lock/table | 69 | 3.22 ms | 658.84 ns | 46.64 us | 1.10 ms | +#-----------------+-------+---------------+-------------+-------------+-------------+ +# rows in set (0,00 sec) + + subheaderprint "Performance schema: TOP 15 class events by number"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select event_class, total from sys.x\\$wait_classes_global_by_latency ORDER BY total DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 30 events by number"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select events, total from sys.x\\$waits_global_by_latency ORDER BY total DESC LIMIT 30;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 15 class events by total latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select event_class, total_latency from sys.x\\$wait_classes_global_by_latency ORDER BY total_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 30 events by total latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'use sys;select events, total_latency from sys.x\\$waits_global_by_latency ORDER BY total_latency DESC LIMIT 30;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 15 class events by max latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select event_class, max_latency from sys.x\\$wait_classes_global_by_latency ORDER BY max_latency DESC LIMIT 15;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + + subheaderprint "Performance schema: TOP 30 events by max latency"; + $nbL = 1; + for my $lQuery ( + select_array( +'select events, max_latency from sys.x\\$waits_global_by_latency ORDER BY max_latency DESC LIMIT 30;' + ) + ) + { + infoprint " +-- $nbL: $lQuery"; + $nbL++; + } + infoprint "No information found or indicators deactivated." + if ( $nbL == 1 ); + +} + +# Recommendations for Ariadb +sub mariadb_ariadb { + subheaderprint "AriaDB Metrics"; + + # AriaDB + unless ( defined $myvar{'have_aria'} + and $myvar{'have_aria'} eq "YES" ) + { + infoprint "AriaDB is disabled."; + return; + } + infoprint "AriaDB is enabled."; + + # Aria pagecache + if ( !defined( $mycalc{'total_aria_indexes'} ) and $doremote == 1 ) { + push( @generalrec, + "Unable to calculate Aria indexes on remote MySQL server < 5.0.0" ); + } + elsif ( $mycalc{'total_aria_indexes'} =~ /^fail$/ ) { + badprint + "Cannot calculate Aria index size - re-run script as root user"; + } + elsif ( $mycalc{'total_aria_indexes'} == "0" ) { + badprint + "None of your Aria tables are indexed - add indexes immediately"; + } + else { + if ( + $myvar{'aria_pagecache_buffer_size'} < $mycalc{'total_aria_indexes'} + && $mycalc{'pct_aria_keys_from_mem'} < 95 ) + { + badprint "Aria pagecache size / total Aria indexes: " + . hr_bytes( $myvar{'aria_pagecache_buffer_size'} ) . "/" + . hr_bytes( $mycalc{'total_aria_indexes'} ) . ""; + push( @adjvars, + "aria_pagecache_buffer_size (> " + . hr_bytes( $mycalc{'total_aria_indexes'} ) + . ")" ); + } + else { + goodprint "Aria pagecache size / total Aria indexes: " + . hr_bytes( $myvar{'aria_pagecache_buffer_size'} ) . "/" + . hr_bytes( $mycalc{'total_aria_indexes'} ) . ""; + } + if ( $mystat{'Aria_pagecache_read_requests'} > 0 ) { + if ( $mycalc{'pct_aria_keys_from_mem'} < 95 ) { + badprint +"Aria pagecache hit rate: $mycalc{'pct_aria_keys_from_mem'}% (" + . hr_num( $mystat{'Aria_pagecache_read_requests'} ) + . " cached / " + . hr_num( $mystat{'Aria_pagecache_reads'} ) + . " reads)"; + } + else { + goodprint +"Aria pagecache hit rate: $mycalc{'pct_aria_keys_from_mem'}% (" + . hr_num( $mystat{'Aria_pagecache_read_requests'} ) + . " cached / " + . hr_num( $mystat{'Aria_pagecache_reads'} ) + . " reads)"; + } + } + else { + + # No queries have run that would use keys + } + } +} + +# Recommendations for TokuDB +sub mariadb_tokudb { + subheaderprint "TokuDB Metrics"; + + # AriaDB + unless ( defined $myvar{'have_tokudb'} + && $myvar{'have_tokudb'} eq "YES" ) + { + infoprint "TokuDB is disabled."; + return; + } + infoprint "TokuDB is enabled."; + + # All is to done here +} + +# Recommendations for XtraDB +sub mariadb_xtradb { + subheaderprint "XtraDB Metrics"; + + # XtraDB + unless ( defined $myvar{'have_xtradb'} + && $myvar{'have_xtradb'} eq "YES" ) + { + infoprint "XtraDB is disabled."; + return; + } + infoprint "XtraDB is enabled."; + infoprint "Note that MariaDB 10.2 makes use of InnoDB, not XtraDB." + + # All is to done here +} + +# Recommendations for RocksDB +sub mariadb_rockdb { + subheaderprint "RocksDB Metrics"; + + # RocksDB + unless ( defined $myvar{'have_rocksdb'} + && $myvar{'have_rocksdb'} eq "YES" ) + { + infoprint "RocksDB is disabled."; + return; + } + infoprint "RocksDB is enabled."; + + # All is to do here +} + +# Recommendations for Spider +sub mariadb_spider { + subheaderprint "Spider Metrics"; + + # Spider + unless ( defined $myvar{'have_spider'} + && $myvar{'have_spider'} eq "YES" ) + { + infoprint "Spider is disabled."; + return; + } + infoprint "Spider is enabled."; + + # All is to do here +} + +# Recommendations for Connect +sub mariadb_connect { + subheaderprint "Connect Metrics"; + + # Connect + unless ( defined $myvar{'have_connect'} + && $myvar{'have_connect'} eq "YES" ) + { + infoprint "Connect is disabled."; + return; + } + infoprint "Connect is enabled."; + + # All is to do here +} + +# Perl trim function to remove whitespace from the start and end of the string +sub trim { + my $string = shift; + return "" unless defined($string); + $string =~ s/^\s+//; + $string =~ s/\s+$//; + return $string; +} + +sub get_wsrep_options { + return () unless defined $myvar{'wsrep_provider_options'}; + + my @galera_options = split /;/, $myvar{'wsrep_provider_options'}; + my $wsrep_slave_threads = $myvar{'wsrep_slave_threads'}; + push @galera_options, ' wsrep_slave_threads = ' . $wsrep_slave_threads; + @galera_options = remove_cr @galera_options; + @galera_options = remove_empty @galera_options; + debugprint Dumper( \@galera_options ); + return @galera_options; +} + +sub get_gcache_memory { + my $gCacheMem = hr_raw( get_wsrep_option('gcache.size') ); + + return 0 unless defined $gCacheMem and $gCacheMem ne ''; + return $gCacheMem; +} + +sub get_wsrep_option { + my $key = shift; + return '' unless defined $myvar{'wsrep_provider_options'}; + my @galera_options = get_wsrep_options; + return '' unless scalar(@galera_options) > 0; + my @memValues = grep /\s*$key =/, @galera_options; + my $memValue = $memValues[0]; + return 0 unless defined $memValue; + $memValue =~ s/.*=\s*(.+)$/$1/g; + return $memValue; +} + +# Recommendations for Galera +sub mariadb_galera { + subheaderprint "Galera Metrics"; + + # Galera Cluster + unless ( defined $myvar{'have_galera'} + && $myvar{'have_galera'} eq "YES" ) + { + infoprint "Galera is disabled."; + return; + } + infoprint "Galera is enabled."; + debugprint "Galera variables:"; + foreach my $gvar ( keys %myvar ) { + next unless $gvar =~ /^wsrep.*/; + next if $gvar eq 'wsrep_provider_options'; + debugprint "\t" . trim($gvar) . " = " . $myvar{$gvar}; + $result{'Galera'}{'variables'}{$gvar} = $myvar{$gvar}; + } + if ( not defined( $myvar{'wsrep_on'} ) or $myvar{'wsrep_on'} ne "ON" ) { + infoprint "Galera is disabled."; + return; + } + debugprint "Galera wsrep provider Options:"; + my @galera_options = get_wsrep_options; + $result{'Galera'}{'wsrep options'} = get_wsrep_options(); + foreach my $gparam (@galera_options) { + debugprint "\t" . trim($gparam); + } + debugprint "Galera status:"; + foreach my $gstatus ( keys %mystat ) { + next unless $gstatus =~ /^wsrep.*/; + debugprint "\t" . trim($gstatus) . " = " . $mystat{$gstatus}; + $result{'Galera'}{'status'}{$gstatus} = $myvar{$gstatus}; + } + infoprint "GCache is using " + . hr_bytes_rnd( get_wsrep_option('gcache.mem_size') ); + + #my @primaryKeysNbTables=(); + my @primaryKeysNbTables = select_array( + "Select CONCAT(c.table_schema,CONCAT('.', c.table_name)) +from information_schema.columns c +join information_schema.tables t using (TABLE_SCHEMA, TABLE_NAME) +where c.table_schema not in ('mysql', 'information_schema', 'performance_schema') + and t.table_type != 'VIEW' +group by c.table_schema,c.table_name +having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" + ); + + infoprint "CPU core detected : " . (cpu_cores); + infoprint "wsrep_slave_threads: " . get_wsrep_option('wsrep_slave_threads'); + if ( get_wsrep_option('wsrep_slave_threads') > ( (cpu_cores) * 4 ) + or get_wsrep_option('wsrep_slave_threads') < ( (cpu_cores) * 2 ) ) + { + badprint +"wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)"; + push @adjvars, "wsrep_slave_threads = " . ( (cpu_cores) * 4 ); + } + else { + goodprint + "wsrep_slave_threads is equal to 2, 3 or 4 times number of CPU(s)"; + } + + if ( get_wsrep_option('gcs.fc_limit') != + get_wsrep_option('wsrep_slave_threads') * 5 ) + { + badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; + push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; + } + else { + goodprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; + } + + if ( get_wsrep_option('wsrep_slave_threads') > 1 ) { + infoprint + "wsrep parallel slave can cause frequent inconsistency crash."; + push @adjvars, +"Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; + + # check options for parallel slave + if ( get_wsrep_option('wsrep_slave_FK_checks') eq "OFF" ) { + badprint "wsrep_slave_FK_checks is off with parallel slave"; + push @adjvars, + "wsrep_slave_FK_checks should be ON when using parallel slave"; + } + + # wsrep_slave_UK_checks seems useless in MySQL source code + if ( $myvar{'innodb_autoinc_lock_mode'} != 2 ) { + badprint + "innodb_autoinc_lock_mode is incorrect with parallel slave"; + push @adjvars, + "innodb_autoinc_lock_mode should be 2 when using parallel slave"; + } + } + + if ( get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) + { + badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; + push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; + } + else { + goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; + } + + if ( get_wsrep_option('gcs.fc_factor') != 0.8 ) { + badprint "gcs.fc_factor should be equal to 0.8"; + push @adjvars, "gcs.fc_factor=0.8"; + } + else { + goodprint "gcs.fc_factor is equal to 0.8"; + } + if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { + badprint "Fraction of time node pause flow control > 0.02"; + } + else { + goodprint +"Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; + } + + if ( scalar(@primaryKeysNbTables) > 0 ) { + badprint "Following table(s) don't have primary key:"; + foreach my $badtable (@primaryKeysNbTables) { + badprint "\t$badtable"; + push @{ $result{'Tables without PK'} }, $badtable; + } + } + else { + goodprint "All tables get a primary key"; + } + my @nonInnoDBTables = select_array( +"select CONCAT(table_schema,CONCAT('.', table_name)) from information_schema.tables where ENGINE <> 'InnoDB' and table_schema not in ('mysql', 'performance_schema', 'information_schema')" + ); + if ( scalar(@nonInnoDBTables) > 0 ) { + badprint "Following table(s) are not InnoDB table:"; + push @generalrec, + "Ensure that all table(s) are InnoDB tables for Galera replication"; + foreach my $badtable (@nonInnoDBTables) { + badprint "\t$badtable"; + } + } + else { + goodprint "All tables are InnoDB tables"; + } + if ( $myvar{'binlog_format'} ne 'ROW' ) { + badprint "Binlog format should be in ROW mode."; + push @adjvars, "binlog_format = ROW"; + } + else { + goodprint "Binlog format is in ROW mode."; + } + if ( $myvar{'innodb_flush_log_at_trx_commit'} != 0 ) { + badprint "InnoDB flush log at each commit should be disabled."; + push @adjvars, "innodb_flush_log_at_trx_commit = 0"; + } + else { + goodprint "InnoDB flush log at each commit is disabled for Galera."; + } + + infoprint "Read consistency mode :" . $myvar{'wsrep_causal_reads'}; + + if ( defined( $myvar{'wsrep_cluster_name'} ) + and $myvar{'wsrep_on'} eq "ON" ) + { + goodprint "Galera WsREP is enabled."; + if ( defined( $myvar{'wsrep_cluster_address'} ) + and trim("$myvar{'wsrep_cluster_address'}") ne "" ) + { + goodprint "Galera Cluster address is defined: " + . $myvar{'wsrep_cluster_address'}; + my @NodesTmp = split /,/, $myvar{'wsrep_cluster_address'}; + my $nbNodes = @NodesTmp; + infoprint "There are $nbNodes nodes in wsrep_cluster_address"; + my $nbNodesSize = trim( $mystat{'wsrep_cluster_size'} ); + if ( $nbNodesSize == 3 or $nbNodesSize == 5 ) { + goodprint "There are $nbNodesSize nodes in wsrep_cluster_size."; + } + else { + badprint +"There are $nbNodesSize nodes in wsrep_cluster_size. Prefer 3 or 5 nodes architecture."; + push @generalrec, "Prefer 3 or 5 nodes architecture."; + } + + # wsrep_cluster_address doesn't include garbd nodes + if ( $nbNodes > $nbNodesSize ) { + badprint +"All cluster nodes are not detected. wsrep_cluster_size less then node count in wsrep_cluster_address"; + } + else { + goodprint "All cluster nodes detected."; + } + } + else { + badprint "Galera Cluster address is undefined"; + push @adjvars, + "set up wsrep_cluster_address variable for Galera replication"; + } + if ( defined( $myvar{'wsrep_cluster_name'} ) + and trim( $myvar{'wsrep_cluster_name'} ) ne "" ) + { + goodprint "Galera Cluster name is defined: " + . $myvar{'wsrep_cluster_name'}; + } + else { + badprint "Galera Cluster name is undefined"; + push @adjvars, + "set up wsrep_cluster_name variable for Galera replication"; + } + if ( defined( $myvar{'wsrep_node_name'} ) + and trim( $myvar{'wsrep_node_name'} ) ne "" ) + { + goodprint "Galera Node name is defined: " + . $myvar{'wsrep_node_name'}; + } + else { + badprint "Galera node name is undefined"; + push @adjvars, + "set up wsrep_node_name variable for Galera replication"; + } + if ( trim( $myvar{'wsrep_notify_cmd'} ) ne "" ) { + goodprint "Galera Notify command is defined."; + } + else { + badprint "Galera Notify command is not defined."; + push( @adjvars, "set up parameter wsrep_notify_cmd to be notify" ); + } + if ( trim( $myvar{'wsrep_sst_method'} ) !~ "^xtrabackup.*" + and trim( $myvar{'wsrep_sst_method'} ) !~ "^mariabackup" ) + { + badprint "Galera SST method is not xtrabackup based."; + push( @adjvars, +"set up parameter wsrep_sst_method to xtrabackup based parameter" + ); + } + else { + goodprint "SST Method is based on xtrabackup."; + } + if ( + ( + defined( $myvar{'wsrep_OSU_method'} ) + && trim( $myvar{'wsrep_OSU_method'} ) eq "TOI" + ) + || ( defined( $myvar{'wsrep_osu_method'} ) + && trim( $myvar{'wsrep_osu_method'} ) eq "TOI" ) + ) + { + goodprint "TOI is default mode for upgrade."; + } + else { + badprint "Schema upgrade are not replicated automatically"; + push( @adjvars, "set up parameter wsrep_OSU_method to TOI" ); + } + infoprint "Max WsRep message : " + . hr_bytes( $myvar{'wsrep_max_ws_size'} ); + } + else { + badprint "Galera WsREP is disabled"; + } + + if ( defined( $mystat{'wsrep_connected'} ) + and $mystat{'wsrep_connected'} eq "ON" ) + { + goodprint "Node is connected"; + } + else { + badprint "Node is disconnected"; + } + if ( defined( $mystat{'wsrep_ready'} ) and $mystat{'wsrep_ready'} eq "ON" ) + { + goodprint "Node is ready"; + } + else { + badprint "Node is not ready"; + } + infoprint "Cluster status :" . $mystat{'wsrep_cluster_status'}; + if ( defined( $mystat{'wsrep_cluster_status'} ) + and $mystat{'wsrep_cluster_status'} eq "Primary" ) + { + goodprint "Galera cluster is consistent and ready for operations"; + } + else { + badprint "Cluster is not consistent and ready"; + } + if ( $mystat{'wsrep_local_state_uuid'} eq + $mystat{'wsrep_cluster_state_uuid'} ) + { + goodprint "Node and whole cluster at the same level: " + . $mystat{'wsrep_cluster_state_uuid'}; + } + else { + badprint "Node and whole cluster not the same level"; + infoprint "Node state uuid: " . $mystat{'wsrep_local_state_uuid'}; + infoprint "Cluster state uuid: " . $mystat{'wsrep_cluster_state_uuid'}; + } + if ( $mystat{'wsrep_local_state_comment'} eq 'Synced' ) { + goodprint "Node is synced with whole cluster."; + } + else { + badprint "Node is not synced"; + infoprint "Node State : " . $mystat{'wsrep_local_state_comment'}; + } + if ( $mystat{'wsrep_local_cert_failures'} == 0 ) { + goodprint "There is no certification failures detected."; + } + else { + badprint "There is " + . $mystat{'wsrep_local_cert_failures'} + . " certification failure(s)detected."; + } + + for my $key ( keys %mystat ) { + if ( $key =~ /wsrep_|galera/i ) { + debugprint "WSREP: $key = $mystat{$key}"; + } + } + debugprint Dumper get_wsrep_options(); +} + +# Recommendations for InnoDB +sub mysql_innodb { + subheaderprint "InnoDB Metrics"; + + # InnoDB + unless ( defined $myvar{'have_innodb'} + && $myvar{'have_innodb'} eq "YES" + && defined $enginestats{'InnoDB'} ) + { + infoprint "InnoDB is disabled."; + if ( mysql_version_ge( 5, 5 ) ) { + badprint +"InnoDB Storage engine is disabled. InnoDB is the default storage engine"; + } + return; + } + infoprint "InnoDB is enabled."; + + if ( $opt{buffers} ne 0 ) { + infoprint "InnoDB Buffers"; + if ( defined $myvar{'innodb_buffer_pool_size'} ) { + infoprint " +-- InnoDB Buffer Pool: " + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . ""; + } + if ( defined $myvar{'innodb_buffer_pool_instances'} ) { + infoprint " +-- InnoDB Buffer Pool Instances: " + . $myvar{'innodb_buffer_pool_instances'} . ""; + } + + if ( defined $myvar{'innodb_buffer_pool_chunk_size'} ) { + infoprint " +-- InnoDB Buffer Pool Chunk Size: " + . hr_bytes( $myvar{'innodb_buffer_pool_chunk_size'} ) . ""; + } + if ( defined $myvar{'innodb_additional_mem_pool_size'} ) { + infoprint " +-- InnoDB Additional Mem Pool: " + . hr_bytes( $myvar{'innodb_additional_mem_pool_size'} ) . ""; + } + if ( defined $myvar{'innodb_log_file_size'} ) { + infoprint " +-- InnoDB Log File Size: " + . hr_bytes( $myvar{'innodb_log_file_size'} ); + } + if ( defined $myvar{'innodb_log_files_in_group'} ) { + infoprint " +-- InnoDB Log File In Group: " + . $myvar{'innodb_log_files_in_group'}; + } + if ( defined $myvar{'innodb_log_files_in_group'} ) { + infoprint " +-- InnoDB Total Log File Size: " + . hr_bytes( $myvar{'innodb_log_files_in_group'} * + $myvar{'innodb_log_file_size'} ) + . "(" + . $mycalc{'innodb_log_size_pct'} + . " % of buffer pool)"; + } + if ( defined $myvar{'innodb_log_buffer_size'} ) { + infoprint " +-- InnoDB Log Buffer: " + . hr_bytes( $myvar{'innodb_log_buffer_size'} ); + } + if ( defined $mystat{'Innodb_buffer_pool_pages_free'} ) { + infoprint " +-- InnoDB Log Buffer Free: " + . hr_bytes( $mystat{'Innodb_buffer_pool_pages_free'} ) . ""; + } + if ( defined $mystat{'Innodb_buffer_pool_pages_total'} ) { + infoprint " +-- InnoDB Log Buffer Used: " + . hr_bytes( $mystat{'Innodb_buffer_pool_pages_total'} ) . ""; + } + } + if ( defined $myvar{'innodb_thread_concurrency'} ) { + infoprint "InnoDB Thread Concurrency: " + . $myvar{'innodb_thread_concurrency'}; + } + + # InnoDB Buffer Pool Size + if ( $myvar{'innodb_file_per_table'} eq "ON" ) { + goodprint "InnoDB File per table is activated"; + } + else { + badprint "InnoDB File per table is not activated"; + push( @adjvars, "innodb_file_per_table=ON" ); + } + + # InnoDB Buffer Pool Size + if ( $myvar{'innodb_buffer_pool_size'} > $enginestats{'InnoDB'} ) { + goodprint "InnoDB buffer pool / data size: " + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . "/" + . hr_bytes( $enginestats{'InnoDB'} ) . ""; + } + else { + badprint "InnoDB buffer pool / data size: " + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) . "/" + . hr_bytes( $enginestats{'InnoDB'} ) . ""; + push( @adjvars, + "innodb_buffer_pool_size (>= " + . hr_bytes( $enginestats{'InnoDB'} ) + . ") if possible." ); + } + if ( $mycalc{'innodb_log_size_pct'} < 20 + or $mycalc{'innodb_log_size_pct'} > 30 ) + { + badprint "Ratio InnoDB log file size / InnoDB Buffer pool size (" + . $mycalc{'innodb_log_size_pct'} . " %): " + . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " + . $myvar{'innodb_log_files_in_group'} . "/" + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) + . " should be equal to 25%"; + push( + @adjvars, + "innodb_log_file_size should be (=" + . hr_bytes_rnd( + $myvar{'innodb_buffer_pool_size'} / + $myvar{'innodb_log_files_in_group'} / 4 + ) + . ") if possible, so InnoDB total log files size equals to 25% of buffer pool size." + ); + push( @generalrec, +"Before changing innodb_log_file_size and/or innodb_log_files_in_group read this: https://bit.ly/2TcGgtU" + ); + } + else { + goodprint "Ratio InnoDB log file size / InnoDB Buffer pool size: " + . hr_bytes( $myvar{'innodb_log_file_size'} ) . " * " + . $myvar{'innodb_log_files_in_group'} . "/" + . hr_bytes( $myvar{'innodb_buffer_pool_size'} ) + . " should be equal to 25%"; + } + + # InnoDB Buffer Pool Instances (MySQL 5.6.6+) + if ( defined( $myvar{'innodb_buffer_pool_instances'} ) ) { + + # Bad Value if > 64 + if ( $myvar{'innodb_buffer_pool_instances'} > 64 ) { + badprint "InnoDB buffer pool instances: " + . $myvar{'innodb_buffer_pool_instances'} . ""; + push( @adjvars, "innodb_buffer_pool_instances (<= 64)" ); + } + + # InnoDB Buffer Pool Size > 1Go + if ( $myvar{'innodb_buffer_pool_size'} > 1024 * 1024 * 1024 ) { + +# InnoDB Buffer Pool Size / 1Go = InnoDB Buffer Pool Instances limited to 64 max. + + # InnoDB Buffer Pool Size > 64Go + my $max_innodb_buffer_pool_instances = + int( $myvar{'innodb_buffer_pool_size'} / ( 1024 * 1024 * 1024 ) ); + $max_innodb_buffer_pool_instances = 64 + if ( $max_innodb_buffer_pool_instances > 64 ); + + if ( $myvar{'innodb_buffer_pool_instances'} != + $max_innodb_buffer_pool_instances ) + { + badprint "InnoDB buffer pool instances: " + . $myvar{'innodb_buffer_pool_instances'} . ""; + push( @adjvars, + "innodb_buffer_pool_instances(=" + . $max_innodb_buffer_pool_instances + . ")" ); + } + else { + goodprint "InnoDB buffer pool instances: " + . $myvar{'innodb_buffer_pool_instances'} . ""; + } + + # InnoDB Buffer Pool Size < 1Go + } + else { + if ( $myvar{'innodb_buffer_pool_instances'} != 1 ) { + badprint +"InnoDB buffer pool <= 1G and Innodb_buffer_pool_instances(!=1)."; + push( @adjvars, "innodb_buffer_pool_instances (=1)" ); + } + else { + goodprint "InnoDB buffer pool instances: " + . $myvar{'innodb_buffer_pool_instances'} . ""; + } + } + } + + # InnoDB Used Buffer Pool Size vs CHUNK size + if ( !defined( $myvar{'innodb_buffer_pool_chunk_size'} ) ) { + infoprint + "InnoDB Buffer Pool Chunk Size not used or defined in your version"; + } + else { + infoprint "Number of InnoDB Buffer Pool Chunk : " + . int( $myvar{'innodb_buffer_pool_size'} ) / + int( $myvar{'innodb_buffer_pool_chunk_size'} ) . " for " + . $myvar{'innodb_buffer_pool_instances'} + . " Buffer Pool Instance(s)"; + + if ( + int( $myvar{'innodb_buffer_pool_size'} ) % ( + int( $myvar{'innodb_buffer_pool_chunk_size'} ) * + int( $myvar{'innodb_buffer_pool_instances'} ) + ) eq 0 + ) + { + goodprint +"Innodb_buffer_pool_size aligned with Innodb_buffer_pool_chunk_size & Innodb_buffer_pool_instances"; + } + else { + badprint +"Innodb_buffer_pool_size aligned with Innodb_buffer_pool_chunk_size & Innodb_buffer_pool_instances"; + +#push( @adjvars, "Adjust innodb_buffer_pool_instances, innodb_buffer_pool_chunk_size with innodb_buffer_pool_size" ); + push( @adjvars, +"innodb_buffer_pool_size must always be equal to or a multiple of innodb_buffer_pool_chunk_size * innodb_buffer_pool_instances" + ); + } + } + + # InnoDB Read efficiency + if ( defined $mycalc{'pct_read_efficiency'} + && $mycalc{'pct_read_efficiency'} < 90 ) + { + badprint "InnoDB Read buffer efficiency: " + . $mycalc{'pct_read_efficiency'} . "% (" + . ( $mystat{'Innodb_buffer_pool_read_requests'} - + $mystat{'Innodb_buffer_pool_reads'} ) + . " hits/ " + . $mystat{'Innodb_buffer_pool_read_requests'} + . " total)"; + } + else { + goodprint "InnoDB Read buffer efficiency: " + . $mycalc{'pct_read_efficiency'} . "% (" + . ( $mystat{'Innodb_buffer_pool_read_requests'} - + $mystat{'Innodb_buffer_pool_reads'} ) + . " hits/ " + . $mystat{'Innodb_buffer_pool_read_requests'} + . " total)"; + } + + # InnoDB Write efficiency + if ( defined $mycalc{'pct_write_efficiency'} + && $mycalc{'pct_write_efficiency'} < 90 ) + { + badprint "InnoDB Write Log efficiency: " + . abs( $mycalc{'pct_write_efficiency'} ) . "% (" + . abs( $mystat{'Innodb_log_write_requests'} - + $mystat{'Innodb_log_writes'} ) + . " hits/ " + . $mystat{'Innodb_log_write_requests'} + . " total)"; + } + else { + goodprint "InnoDB Write log efficiency: " + . $mycalc{'pct_write_efficiency'} . "% (" + . ( $mystat{'Innodb_log_write_requests'} - + $mystat{'Innodb_log_writes'} ) + . " hits/ " + . $mystat{'Innodb_log_write_requests'} + . " total)"; + } + + # InnoDB Log Waits + if ( defined $mystat{'Innodb_log_waits'} + && $mystat{'Innodb_log_waits'} > 0 ) + { + badprint "InnoDB log waits: " + . percentage( $mystat{'Innodb_log_waits'}, + $mystat{'Innodb_log_writes'} ) + . "% (" + . $mystat{'Innodb_log_waits'} + . " waits / " + . $mystat{'Innodb_log_writes'} + . " writes)"; + push( @adjvars, + "innodb_log_buffer_size (>= " + . hr_bytes_rnd( $myvar{'innodb_log_buffer_size'} ) + . ")" ); + } + else { + goodprint "InnoDB log waits: " + . percentage( $mystat{'Innodb_log_waits'}, + $mystat{'Innodb_log_writes'} ) + . "% (" + . $mystat{'Innodb_log_waits'} + . " waits / " + . $mystat{'Innodb_log_writes'} + . " writes)"; + } + $result{'Calculations'} = {%mycalc}; +} + +sub check_metadata_perf { + subheaderprint "Analysis Performance Metrics"; + if ( defined $myvar{'innodb_stats_on_metadata'} ) { + infoprint "innodb_stats_on_metadata: " + . $myvar{'innodb_stats_on_metadata'}; + if ( $myvar{'innodb_stats_on_metadata'} eq 'ON' ) { + badprint "Stat are updated during querying INFORMATION_SCHEMA."; + push @adjvars, "SET innodb_stats_on_metadata = OFF"; + + #Disabling innodb_stats_on_metadata + select_one("SET GLOBAL innodb_stats_on_metadata = OFF;"); + return 1; + } + } + goodprint "No stat updates during querying INFORMATION_SCHEMA."; + return 0; +} + +# Recommendations for Database metrics +sub mysql_databases { + return if ( $opt{dbstat} == 0 ); + + subheaderprint "Database Metrics"; + unless ( mysql_version_ge( 5, 5 ) ) { + infoprint +"Skip Database metrics from information schema missing in this version"; + return; + } + + my @dblist = select_array( +"SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" + ); + infoprint "There is " . scalar(@dblist) . " Database(s)."; + my @totaldbinfo = split /\s/, + select_one( +"SELECT SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH) , SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(TABLE_NAME),COUNT(DISTINCT(TABLE_COLLATION)),COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" + ); + infoprint "All User Databases:"; + infoprint " +-- TABLE : " + . ( $totaldbinfo[4] eq 'NULL' ? 0 : $totaldbinfo[4] ) . ""; + infoprint " +-- ROWS : " + . ( $totaldbinfo[0] eq 'NULL' ? 0 : $totaldbinfo[0] ) . ""; + infoprint " +-- DATA : " + . hr_bytes( $totaldbinfo[1] ) . "(" + . percentage( $totaldbinfo[1], $totaldbinfo[3] ) . "%)"; + infoprint " +-- INDEX : " + . hr_bytes( $totaldbinfo[2] ) . "(" + . percentage( $totaldbinfo[2], $totaldbinfo[3] ) . "%)"; + infoprint " +-- SIZE : " . hr_bytes( $totaldbinfo[3] ) . ""; + infoprint " +-- COLLA : " + . ( $totaldbinfo[5] eq 'NULL' ? 0 : $totaldbinfo[5] ) . " (" + . ( + join ", ", + select_array( + "SELECT DISTINCT(TABLE_COLLATION) FROM information_schema.TABLES;") + ) . ")"; + infoprint " +-- ENGIN : " + . ( $totaldbinfo[6] eq 'NULL' ? 0 : $totaldbinfo[6] ) . " (" + . ( + join ", ", + select_array("SELECT DISTINCT(ENGINE) FROM information_schema.TABLES;") + ) . ")"; + + $result{'Databases'}{'All databases'}{'Rows'} = + ( $totaldbinfo[0] eq 'NULL' ? 0 : $totaldbinfo[0] ); + $result{'Databases'}{'All databases'}{'Data Size'} = $totaldbinfo[1]; + $result{'Databases'}{'All databases'}{'Data Pct'} = + percentage( $totaldbinfo[1], $totaldbinfo[3] ) . "%"; + $result{'Databases'}{'All databases'}{'Index Size'} = $totaldbinfo[2]; + $result{'Databases'}{'All databases'}{'Index Pct'} = + percentage( $totaldbinfo[2], $totaldbinfo[3] ) . "%"; + $result{'Databases'}{'All databases'}{'Total Size'} = $totaldbinfo[3]; + print "\n" unless ( $opt{'silent'} or $opt{'json'} ); + + foreach (@dblist) { + my @dbinfo = split /\s/, + select_one( +"SELECT TABLE_SCHEMA, SUM(TABLE_ROWS), SUM(DATA_LENGTH), SUM(INDEX_LENGTH) , SUM(DATA_LENGTH+INDEX_LENGTH), COUNT(DISTINCT ENGINE),COUNT(TABLE_NAME),COUNT(DISTINCT(TABLE_COLLATION)),COUNT(DISTINCT(ENGINE)) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_' GROUP BY TABLE_SCHEMA ORDER BY TABLE_SCHEMA" + ); + next unless defined $dbinfo[0]; + infoprint "Database: " . $dbinfo[0] . ""; + infoprint " +-- TABLE: " + . ( !defined( $dbinfo[6] ) or $dbinfo[6] eq 'NULL' ? 0 : $dbinfo[6] ) + . ""; + infoprint " +-- COLL : " + . ( $dbinfo[7] eq 'NULL' ? 0 : $dbinfo[7] ) . " (" + . ( + join ", ", + select_array( +"SELECT DISTINCT(TABLE_COLLATION) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_';" + ) + ) . ")"; + infoprint " +-- ROWS : " + . ( !defined( $dbinfo[1] ) or $dbinfo[1] eq 'NULL' ? 0 : $dbinfo[1] ) + . ""; + infoprint " +-- DATA : " + . hr_bytes( $dbinfo[2] ) . "(" + . percentage( $dbinfo[2], $dbinfo[4] ) . "%)"; + infoprint " +-- INDEX: " + . hr_bytes( $dbinfo[3] ) . "(" + . percentage( $dbinfo[3], $dbinfo[4] ) . "%)"; + infoprint " +-- TOTAL: " . hr_bytes( $dbinfo[4] ) . ""; + infoprint " +-- ENGIN : " + . ( $dbinfo[8] eq 'NULL' ? 0 : $dbinfo[8] ) . " (" + . ( + join ", ", + select_array( +"SELECT DISTINCT(ENGINE) FROM information_schema.TABLES WHERE TABLE_SCHEMA='$_'" + ) + ) . ")"; + badprint "Index size is larger than data size for $dbinfo[0] \n" + if ( $dbinfo[2] ne 'NULL' ) + and ( $dbinfo[3] ne 'NULL' ) + and ( $dbinfo[2] < $dbinfo[3] ); + badprint "There are " . $dbinfo[5] . " storage engines. Be careful. \n" + if $dbinfo[5] > 1; + $result{'Databases'}{ $dbinfo[0] }{'Rows'} = $dbinfo[1]; + $result{'Databases'}{ $dbinfo[0] }{'Tables'} = $dbinfo[6]; + $result{'Databases'}{ $dbinfo[0] }{'Collations'} = $dbinfo[7]; + $result{'Databases'}{ $dbinfo[0] }{'Data Size'} = $dbinfo[2]; + $result{'Databases'}{ $dbinfo[0] }{'Data Pct'} = + percentage( $dbinfo[2], $dbinfo[4] ) . "%"; + $result{'Databases'}{ $dbinfo[0] }{'Index Size'} = $dbinfo[3]; + $result{'Databases'}{ $dbinfo[0] }{'Index Pct'} = + percentage( $dbinfo[3], $dbinfo[4] ) . "%"; + $result{'Databases'}{ $dbinfo[0] }{'Total Size'} = $dbinfo[4]; + + if ( $dbinfo[7] > 1 ) { + badprint $dbinfo[7] + . " different collations for database " + . $dbinfo[0]; + push( @generalrec, + "Check all table collations are identical for all tables in " + . $dbinfo[0] + . " database." ); + } + else { + goodprint $dbinfo[7] + . " collation for " + . $dbinfo[0] + . " database."; + } + if ( $dbinfo[8] > 1 ) { + badprint $dbinfo[8] + . " different engines for database " + . $dbinfo[0]; + push( @generalrec, + "Check all table engines are identical for all tables in " + . $dbinfo[0] + . " database." ); + } + else { + goodprint $dbinfo[8] . " engine for " . $dbinfo[0] . " database."; + } + + my @distinct_column_charset = select_array( +"select DISTINCT(CHARACTER_SET_NAME) from information_schema.COLUMNS where CHARACTER_SET_NAME IS NOT NULL AND TABLE_SCHEMA ='$_'" + ); + infoprint "Charsets for $dbinfo[0] database table column: " + . join( ', ', @distinct_column_charset ); + if ( scalar(@distinct_column_charset) > 1 ) { + badprint $dbinfo[0] + . " table column(s) has several charsets defined for all text like column(s)."; + push( @generalrec, + "Limit charset for column to one charset if possible for " + . $dbinfo[0] + . " database." ); + } + else { + goodprint $dbinfo[0] + . " table column(s) has same charset defined for all text like column(s)."; + } + + my @distinct_column_collation = select_array( +"select DISTINCT(COLLATION_NAME) from information_schema.COLUMNS where COLLATION_NAME IS NOT NULL AND TABLE_SCHEMA ='$_'" + ); + infoprint "Collations for $dbinfo[0] database table column: " + . join( ', ', @distinct_column_collation ); + if ( scalar(@distinct_column_collation) > 1 ) { + badprint $dbinfo[0] + . " table column(s) has several collations defined for all text like column(s)."; + push( @generalrec, + "Limit collations for column to one collation if possible for " + . $dbinfo[0] + . " database." ); + } + else { + goodprint $dbinfo[0] + . " table column(s) has same collation defined for all text like column(s)."; + } + } + +} + +# Recommendations for database columns +sub mysql_tables { + return if ( $opt{tbstat} == 0 ); + + subheaderprint "Table Column Metrics"; + unless ( mysql_version_ge( 5, 5 ) ) { + infoprint +"Skip Database metrics from information schema missing in this version"; + return; + } + my @dblist = select_array( +"SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" + ); + foreach (@dblist) { + my $dbname = $_; + next unless defined $_; + infoprint "Database: " . $_ . ""; + my @dbtable = select_array( +"SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA='$dbname' AND TABLE_TYPE='BASE TABLE' ORDER BY TABLE_NAME" + ); + foreach (@dbtable) { + my $tbname = $_; + infoprint " +-- TABLE: $tbname"; + my @tbcol = select_array( +"SELECT COLUMN_NAME FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname'" + ); + foreach (@tbcol) { + my $ctype = select_one( +"SELECT COLUMN_TYPE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " + ); + my $isnull = select_one( +"SELECT IS_NULLABLE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " + ); + infoprint " +-- Column $tbname.$_:"; + my $current_type = + uc($ctype) . ( $isnull eq 'NO' ? " NOT NULL" : "" ); + my $optimal_type = select_str_g( "Optimal_fieldtype", +"SELECT \\`$_\\` FROM \\`$dbname\\`.\\`$tbname\\` PROCEDURE ANALYSE(100000)" + ); + if ( not defined($optimal_type) or $optimal_type eq '' ) { + infoprint " Current Fieldtype: $current_type"; + infoprint " Optimal Fieldtype: Not available"; + } + elsif ( $current_type ne $optimal_type ) { + infoprint " Current Fieldtype: $current_type"; + infoprint " Optimal Fieldtype: $optimal_type"; + badprint +"Consider changing type for column $_ in table $dbname.$tbname"; + push( @generalrec, +"ALTER TABLE \`$dbname\`.\`$tbname\` MODIFY \`$_\` $optimal_type;" + ); + + } + else { + goodprint "$dbname.$tbname ($_) type: $current_type"; + } + } + } + + } +} + +# Recommendations for Indexes metrics +sub mysql_indexes { + return if ( $opt{idxstat} == 0 ); + + subheaderprint "Indexes Metrics"; + unless ( mysql_version_ge( 5, 5 ) ) { + infoprint + "Skip Index metrics from information schema missing in this version"; + return; + } + +# unless ( mysql_version_ge( 5, 6 ) ) { +# infoprint +#"Skip Index metrics from information schema due to erroneous information provided in this version"; +# return; +# } + my $selIdxReq = <<'ENDSQL'; +SELECT + CONCAT(CONCAT(t.TABLE_SCHEMA, '.'),t.TABLE_NAME) AS 'table' + , CONCAT(CONCAT(CONCAT(s.INDEX_NAME, '('),s.COLUMN_NAME), ')') AS 'index' + , s.SEQ_IN_INDEX AS 'seq' + , s2.max_columns AS 'maxcol' + , s.CARDINALITY AS 'card' + , t.TABLE_ROWS AS 'est_rows' + , INDEX_TYPE as type + , ROUND(((s.CARDINALITY / IFNULL(t.TABLE_ROWS, 0.01)) * 100), 2) AS 'sel' +FROM INFORMATION_SCHEMA.STATISTICS s + INNER JOIN INFORMATION_SCHEMA.TABLES t + ON s.TABLE_SCHEMA = t.TABLE_SCHEMA + AND s.TABLE_NAME = t.TABLE_NAME + INNER JOIN ( + SELECT + TABLE_SCHEMA + , TABLE_NAME + , INDEX_NAME + , MAX(SEQ_IN_INDEX) AS max_columns + FROM INFORMATION_SCHEMA.STATISTICS + WHERE TABLE_SCHEMA NOT IN ('mysql', 'information_schema', 'performance_schema') + AND INDEX_TYPE <> 'FULLTEXT' + GROUP BY TABLE_SCHEMA, TABLE_NAME, INDEX_NAME + ) AS s2 + ON s.TABLE_SCHEMA = s2.TABLE_SCHEMA + AND s.TABLE_NAME = s2.TABLE_NAME + AND s.INDEX_NAME = s2.INDEX_NAME +WHERE t.TABLE_SCHEMA NOT IN ('mysql', 'information_schema', 'performance_schema') +AND t.TABLE_ROWS > 10 +AND s.CARDINALITY IS NOT NULL +AND (s.CARDINALITY / IFNULL(t.TABLE_ROWS, 0.01)) < 8.00 +ORDER BY sel +LIMIT 10; +ENDSQL + my @idxinfo = select_array($selIdxReq); + infoprint "Worst selectivity indexes:"; + foreach (@idxinfo) { + debugprint "$_"; + my @info = split /\s/; + infoprint "Index: " . $info[1] . ""; + + infoprint " +-- COLUMN : " . $info[0] . ""; + infoprint " +-- NB SEQS : " . $info[2] . " sequence(s)"; + infoprint " +-- NB COLS : " . $info[3] . " column(s)"; + infoprint " +-- CARDINALITY : " . $info[4] . " distinct values"; + infoprint " +-- NB ROWS : " . $info[5] . " rows"; + infoprint " +-- TYPE : " . $info[6]; + infoprint " +-- SELECTIVITY : " . $info[7] . "%"; + + $result{'Indexes'}{ $info[1] }{'Column'} = $info[0]; + $result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2]; + $result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3]; + $result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4]; + $result{'Indexes'}{ $info[1] }{'Row number'} = $info[5]; + $result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6]; + $result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7]; + if ( $info[7] < 25 ) { + badprint "$info[1] has a low selectivity"; + } + } + + return + unless ( defined( $myvar{'performance_schema'} ) + and $myvar{'performance_schema'} eq 'ON' ); + + $selIdxReq = <<'ENDSQL'; +SELECT CONCAT(CONCAT(object_schema,'.'),object_name) AS 'table', index_name +FROM performance_schema.table_io_waits_summary_by_index_usage +WHERE index_name IS NOT NULL +AND count_star =0 +AND index_name <> 'PRIMARY' +AND object_schema != 'mysql' +ORDER BY count_star, object_schema, object_name; +ENDSQL + @idxinfo = select_array($selIdxReq); + infoprint "Unused indexes:"; + push( @generalrec, "Remove unused indexes." ) if ( scalar(@idxinfo) > 0 ); + foreach (@idxinfo) { + debugprint "$_"; + my @info = split /\s/; + badprint "Index: $info[1] on $info[0] is not used."; + push @{ $result{'Indexes'}{'Unused Indexes'} }, + $info[0] . "." . $info[1]; + } +} + +# Take the two recommendation arrays and display them at the end of the output +sub make_recommendations { + $result{'Recommendations'} = \@generalrec; + $result{'Adjust variables'} = \@adjvars; + subheaderprint "Recommendations"; + if ( @generalrec > 0 ) { + prettyprint "General recommendations:"; + foreach (@generalrec) { prettyprint " " . $_ . ""; } + } + if ( @adjvars > 0 ) { + prettyprint "Variables to adjust:"; + if ( $mycalc{'pct_max_physical_memory'} > 90 ) { + prettyprint + " *** MySQL's maximum memory usage is dangerously high ***\n" + . " *** Add RAM before increasing MySQL buffer variables ***"; + } + foreach (@adjvars) { prettyprint " " . $_ . ""; } + } + if ( @generalrec == 0 && @adjvars == 0 ) { + prettyprint "No additional performance recommendations are available."; + } +} + +sub close_outputfile { + close($fh) if defined($fh); +} + +sub headerprint { + prettyprint + " >> MySQLTuner $tunerversion - Major Hayden \n" + . " >> Bug reports, feature requests, and downloads at http://mysqltuner.com/\n" + . " >> Run with '--help' for additional options and output filtering"; +} + +sub string2file { + my $filename = shift; + my $content = shift; + open my $fh, q(>), $filename + or die +"Unable to open $filename in write mode. Please check permissions for this file or directory"; + print $fh $content if defined($content); + close $fh; + debugprint $content if ( $opt{'debug'} ); +} + +sub file2array { + my $filename = shift; + debugprint "* reading $filename" if ( $opt{'debug'} ); + my $fh; + open( $fh, q(<), "$filename" ) + or die "Couldn't open $filename for reading: $!\n"; + my @lines = <$fh>; + close($fh); + return @lines; +} + +sub file2string { + return join( '', file2array(@_) ); +} + +my $templateModel; +if ( $opt{'template'} ne 0 ) { + $templateModel = file2string( $opt{'template'} ); +} +else { + # DEFAULT REPORT TEMPLATE + $templateModel = <<'END_TEMPLATE'; + + + + MySQLTuner Report + + + + +

Result output

+
+{$data}
+
+ + + +END_TEMPLATE +} + +sub dump_result { + debugprint Dumper( \%result ) if ( $opt{'debug'} ); + debugprint "HTML REPORT: $opt{'reportfile'}"; + + if ( $opt{'reportfile'} ne 0 ) { + eval { require Text::Template }; + eval { require JSON }; + if ($@) { + badprint "Text::Template Module is needed."; + die "Text::Template Module is needed."; + } + + my $json = JSON->new->allow_nonref; + my $json_text = $json->pretty->encode( \%result ); + my %vars = ( + 'data' => \%result, + 'debug' => $json_text, + ); + my $template; + { + no warnings 'once'; + $template = Text::Template->new( + TYPE => 'STRING', + PREPEND => q{;}, + SOURCE => $templateModel, + DELIMITERS => [ '[%', '%]' ] + ) or die "Couldn't construct template: $Text::Template::ERROR"; + } + + open my $fh, q(>), $opt{'reportfile'} + or die +"Unable to open $opt{'reportfile'} in write mode. please check permissions for this file or directory"; + $template->fill_in( HASH => \%vars, OUTPUT => $fh ); + close $fh; + } + + if ( $opt{'json'} ne 0 ) { + eval { require JSON }; + if ($@) { + print "$bad JSON Module is needed.\n"; + return 1; + } + + my $json = JSON->new->allow_nonref; + print $json->utf8(1)->pretty( ( $opt{'prettyjson'} ? 1 : 0 ) ) + ->encode( \%result ); + + if ( $opt{'outputfile'} ne 0 ) { + unlink $opt{'outputfile'} if ( -e $opt{'outputfile'} ); + open my $fh, q(>), $opt{'outputfile'} + or die +"Unable to open $opt{'outputfile'} in write mode. please check permissions for this file or directory"; + print $fh $json->utf8(1)->pretty( ( $opt{'prettyjson'} ? 1 : 0 ) ) + ->encode( \%result ); + close $fh; + } + } +} + +sub which { + my $prog_name = shift; + my $path_string = shift; + my @path_array = split /:/, $ENV{'PATH'}; + + for my $path (@path_array) { + return "$path/$prog_name" if ( -x "$path/$prog_name" ); + } + + return 0; +} + +# --------------------------------------------------------------------------- +# BEGIN 'MAIN' +# --------------------------------------------------------------------------- +headerprint; # Header Print + +validate_tuner_version; # Check last version +mysql_setup; # Gotta login first +debugprint "MySQL FINAL Client : $mysqlcmd $mysqllogin"; +debugprint "MySQL Admin FINAL Client : $mysqladmincmd $mysqllogin"; + +#exit(0); +os_setup; # Set up some OS variables +get_all_vars; # Toss variables/status into hashes +get_tuning_info; # Get information about the tuning connexion +validate_mysql_version; # Check current MySQL version + +check_architecture; # Suggest 64-bit upgrade +system_recommendations; # avoid to many service on the same host +log_file_recommendations; # check log file content +check_storage_engines; # Show enabled storage engines + +check_metadata_perf; # Show parameter impacting performance during analysis +mysql_databases; # Show informations about databases +mysql_tables; # Show informations about table column + +mysql_indexes; # Show informations about indexes +security_recommendations; # Display some security recommendations +cve_recommendations; # Display related CVE +calculations; # Calculate everything we need +mysql_stats; # Print the server stats +mysqsl_pfs; # Print Performance schema info +mariadb_threadpool; # Print MariaDB ThreadPool stats +mysql_myisam; # Print MyISAM stats +mysql_innodb; # Print InnoDB stats +mariadb_ariadb; # Print MariaDB AriaDB stats +mariadb_tokudb; # Print MariaDB Tokudb stats +mariadb_xtradb; # Print MariaDB XtraDB stats + +#mariadb_rockdb; # Print MariaDB RockDB stats +#mariadb_spider; # Print MariaDB Spider stats +#mariadb_connect; # Print MariaDB Connect stats +mariadb_galera; # Print MariaDB Galera Cluster stats +get_replication_status; # Print replication info +make_recommendations; # Make recommendations based on stats +dump_result; # Dump result if debug is on +close_outputfile; # Close reportfile if needed + +# --------------------------------------------------------------------------- +# END 'MAIN' +# --------------------------------------------------------------------------- +1; + +__END__ + +=pod + +=encoding UTF-8 + +=head1 NAME + + MySQLTuner 1.7.15 - MySQL High Performance Tuning Script + +=head1 IMPORTANT USAGE GUIDELINES + +To run the script with the default options, run the script without arguments +Allow MySQL server to run for at least 24-48 hours before trusting suggestions +Some routines may require root level privileges (script will provide warnings) +You must provide the remote server's total memory when connecting to other servers + +=head1 CONNECTION AND AUTHENTICATION + + --host Connect to a remote host to perform tests (default: localhost) + --socket Use a different socket for a local connection + --port Port to use for connection (default: 3306) + --user Username to use for authentication + --userenv Name of env variable which contains username to use for authentication + --pass Password to use for authentication + --passenv Name of env variable which contains password to use for authentication + --ssl-ca Path to public key + --mysqladmin Path to a custom mysqladmin executable + --mysqlcmd Path to a custom mysql executable + --defaults-file Path to a custom .my.cnf + +=head1 PERFORMANCE AND REPORTING OPTIONS + + --skipsize Don't enumerate tables and their types/sizes (default: on) + (Recommended for servers with many tables) + --skippassword Don't perform checks on user passwords(default: off) + --checkversion Check for updates to MySQLTuner (default: don't check) + --updateversion Check for updates to MySQLTuner and update when newer version is available (default: don't check) + --forcemem Amount of RAM installed in megabytes + --forceswap Amount of swap memory configured in megabytes + --passwordfile Path to a password file list(one password by line) + +=head1 OUTPUT OPTIONS + + --silent Don't output anything on screen + --nogood Remove OK responses + --nobad Remove negative/suggestion responses + --noinfo Remove informational responses + --debug Print debug information + --noprocess Consider no other process is running + --dbstat Print database information + --nodbstat Don't Print database information + --tbstat Print table information + --notbstat Don't Print table information + --idxstat Print index information + --noidxstat Don't Print index information + --sysstat Print system information + --nosysstat Don't Print system information + --pfstat Print Performance schema + --nopfstat Don't Print Performance schema + --verbose Prints out all options (default: no verbose, dbstat, idxstat, sysstat, tbstat, pfstat) + --bannedports Ports banned separated by comma(,) + --maxportallowed Number of ports opened allowed on this hosts + --cvefile CVE File for vulnerability checks + --nocolor Don't print output in color + --json Print result as JSON string + --buffers Print global and per-thread buffer values + --outputfile Path to a output txt file + --reportfile Path to a report txt file + --template Path to a template file + + +=head1 PERLDOC + +You can find documentation for this module with the perldoc command. + + perldoc mysqltuner + +=head2 INTERNALS + +L + + Internal documentation + +=head1 AUTHORS + +Major Hayden - major@mhtx.net + +=head1 CONTRIBUTORS + +=over 4 + +=item * + +Matthew Montgomery + +=item * + +Paul Kehrer + +=item * + +Dave Burgess + +=item * + +Jonathan Hinds + +=item * + +Mike Jackson + +=item * + +Nils Breunese + +=item * + +Shawn Ashlee + +=item * + +Luuk Vosslamber + +=item * + +Ville Skytta + +=item * + +Trent Hornibrook + +=item * + +Jason Gill + +=item * + +Mark Imbriaco + +=item * + +Greg Eden + +=item * + +Aubin Galinotti + +=item * + +Giovanni Bechis + +=item * + +Bill Bradford + +=item * + +Ryan Novosielski + +=item * + +Michael Scheidell + +=item * + +Blair Christensen + +=item * + +Hans du Plooy + +=item * + +Victor Trac + +=item * + +Everett Barnes + +=item * + +Tom Krouper + +=item * + +Gary Barrueto + +=item * + +Simon Greenaway + +=item * + +Adam Stein + +=item * + +Isart Montane + +=item * + +Baptiste M. + +=item * + +Cole Turner + +=item * + +Major Hayden + +=item * + +Joe Ashcraft + +=item * + +Jean-Marie Renouard + +=item * + +Stephan GroBberndt + +=item * + +Christian Loos + +=back + +=head1 SUPPORT + + +Bug reports, feature requests, and downloads at http://mysqltuner.com/ + +Bug tracker can be found at https://github.com/major/MySQLTuner-perl/issues + +Maintained by Major Hayden (major\@mhtx.net) - Licensed under GPL + +=head1 SOURCE CODE + +L + + git clone https://github.com/major/MySQLTuner-perl.git + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2006-2018 Major Hayden - major@mhtx.net + +For the latest updates, please visit http://mysqltuner.com/ + +Git repository available at https://github.com/major/MySQLTuner-perl + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, either version 3 of the License, or +(at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see . + +=cut + +# Local variables: +# indent-tabs-mode: t +# cperl-indent-level: 8 +# perl-indent-level: 8 +# End: diff --git a/vulnerabilities.csv b/vulnerabilities.csv index d383fdd..6447bac 100755 --- a/vulnerabilities.csv +++ b/vulnerabilities.csv @@ -1,869 +1,869 @@ -4.0.20;4;0;20;CVE-2004-0457;Candidate;"The mysqlhotcopy script in mysql 4.0.20 and earlier; when using the scp method from the mysql-server package; allows local users to overwrite arbitrary files via a symlink attack on temporary files.";"DEBIAN:DSA-540 | URL:http://www.debian.org/security/2004/dsa-540 | CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | OVAL:oval:org.mitre.oval:def:10693 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10693 | XF:mysql-mysqlhotcopy-insecure-file(17030) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17030";Assigned (20040506);"None (candidate not yet proposed)"; -4.0.20;4;0;20;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)"; -3.23.48;3;23;48;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)"; -4.1.9;4;1;9;CVE-2005-0799;Candidate;"MySQL 4.1.9; and possibly earlier versions; allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.";"BUGTRAQ:20050315 Denial of Service Vulnerability in MySQL Server for Windows | URL:http://marc.info/?l=bugtraq&m=111091250923281&w=2 | CONFIRM:http://bugs.mysql.com/bug.php?id=9148 | SECUNIA:14564 | URL:http://secunia.com/advisories/14564";Assigned (20050320);"None (candidate not yet proposed)"; -4.1.20;4;1;20;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 | MISC:http://bugs.mysql.com/bug.php?id=20729 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html | CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 | APPLE:APPLE-SA-2007-03-13 | URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | DEBIAN:DSA-1112 | URL:http://www.debian.org/security/2006/dsa-1112 | GENTOO:GLSA-200608-09 | URL:http://security.gentoo.org/glsa/glsa-200608-09.xml | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | UBUNTU:USN-321-1 | URL:http://www.ubuntu.com/usn/usn-321-1 | CERT:TA07-072A | URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html | BID:19032 | URL:http://www.securityfocus.com/bid/19032 | OVAL:oval:org.mitre.oval:def:9827 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9827 | VUPEN:ADV-2007-0930 | URL:http://www.vupen.com/english/advisories/2007/0930 | SECUNIA:21147 | URL:http://secunia.com/advisories/21147 | SECUNIA:21366 | URL:http://secunia.com/advisories/21366 | SECUNIA:24479 | URL:http://secunia.com/advisories/24479 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226";Assigned (20060710);"None (candidate not yet proposed)"; -4.1.22;4;1;22;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.41;5;0;41;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.1.17;5;1;17;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.44;5;0;44;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.39;5;0;39;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)"; -5.1.17;5;1;17;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.44;5;0;44;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)"; -5.0.44;5;0;44;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=28984 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2007:0875 | URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:36732 | URL:http://osvdb.org/36732 | OVAL:oval:org.mitre.oval:def:11058 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11058 | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | SECTRACK:1018629 | URL:http://www.securitytracker.com/id?1018629 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26621 | URL:http://secunia.com/advisories/26621 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823";Assigned (20070715);"None (candidate not yet proposed)"; -5.0.44;5;0;44;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=25578 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:37783 | URL:http://osvdb.org/37783 | OVAL:oval:org.mitre.oval:def:9195 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; -5.0.44;5;0;44;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://bugs.mysql.com/bug.php?id=27878 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OVAL:oval:org.mitre.oval:def:10563 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10563 | SECTRACK:1018663 | URL:http://securitytracker.com/id?1018663 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; -5.0.50;5;0;50;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -5.0.51;5;0;51;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -5.1.22;5;1;22;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -6.0.3;6;0;3;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; -5.0.50;5;0;50;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)"; -5.1.22;5;1;22;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)"; -6.0.3;6;0;3;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)"; -5.0.50;5;0;50;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)"; -5.1.22;5;1;22;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)"; -6.0.3;6;0;3;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)"; -5.1.22;5;1;22;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; -6.0.3;6;0;3;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; -5.0.65;5;0;65;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)"; -5.1.25;5;1;25;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)"; -6.0.5;6;0;5;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)"; -5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; -5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; -1.9.8;1;9;8;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.0.89;5;0;89;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.1.42;5;1;42;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.5.-1;5;5;-1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.0.50;5;0;50;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; -37.1.0;37;1;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; -5.0.92;5;0;92;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; -5.1.49;5;1;49;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; -5.1.47;5;1;47;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"CONFIRM:http://bugs.mysql.com/bug.php?id=53804 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html | FEDORA:FEDORA-2010-11135 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html | MANDRIVA:MDVSA-2010:155 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:41198 | URL:http://www.securityfocus.com/bid/41198 | OVAL:oval:org.mitre.oval:def:11869 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11869 | SECTRACK:1024160 | URL:http://www.securitytracker.com/id?1024160 | SECUNIA:40333 | URL:http://secunia.com/advisories/40333 | SECUNIA:40762 | URL:http://secunia.com/advisories/40762 | VUPEN:ADV-2010-1918 | URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)"; -5.0.91;5;0;91;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.91;5;0;91;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64843";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64843";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.91;5;0;91;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.91;5;0;91;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)"; -5.0.91;5;0;91;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)"; -5.5.5;5;5;5;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)"; -5.1.50;5;1;50;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"MISC:http://lists.mysql.com/commits/117094 | CONFIRM:http://bugs.mysql.com/bug.php?id=51875 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0824 | URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-gislinestringinitfromwkb-dos(64838) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64838";Assigned (20101007);"None (candidate not yet proposed)"; -0.9.3;0;9;3;CVE-2011-0432;Candidate;"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.";"CONFIRM:http://code.google.com/p/pywebdav/updates/list | CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718 | DEBIAN:DSA-2177 | URL:http://www.debian.org/security/2011/dsa-2177 | FEDORA:FEDORA-2011-2427 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html | FEDORA:FEDORA-2011-2460 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html | FEDORA:FEDORA-2011-2470 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html | BID:46655 | URL:http://www.securityfocus.com/bid/46655 | SECUNIA:43571 | URL:http://secunia.com/advisories/43571 | SECUNIA:43602 | URL:http://secunia.com/advisories/43602 | SECUNIA:43703 | URL:http://secunia.com/advisories/43703 | VUPEN:ADV-2011-0553 | URL:http://www.vupen.com/english/advisories/2011/0553 | VUPEN:ADV-2011-0554 | URL:http://www.vupen.com/english/advisories/2011/0554 | VUPEN:ADV-2011-0634 | URL:http://www.vupen.com/english/advisories/2011/0634";Assigned (20110112);"None (candidate not yet proposed)"; -5.1.62;5;1;62;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77061";Assigned (20120111);"None (candidate not yet proposed)"; -5.5.23;5;5;23;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77061";Assigned (20120111);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-0578;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16947 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16947 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.1.60;5;1;60;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.5.19;5;5;19;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; -5.1.61;5;1;61;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.21;5;5;21;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.62;5;1;62;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77065";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.22;5;5;22;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77065";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.61;5;1;61;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.21;5;5;21;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.19;5;5;19;CVE-2012-1696;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53071 | URL:http://www.securityfocus.com/bid/53071 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.21;5;5;21;CVE-2012-1697;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53064 | URL:http://www.securityfocus.com/bid/53064 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.61;5;1;61;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.21;5;5;21;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.62;5;1;62;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77064";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.23;5;5;23;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77064";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.23;5;5;23;CVE-2012-1735;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54549 | URL:http://www.securityfocus.com/bid/54549 | OSVDB:83975 | URL:http://osvdb.org/83975 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-serveroptimizer-dos(77060) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77060";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.23;5;5;23;CVE-2012-1756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54524 | URL:http://www.securityfocus.com/bid/54524 | OSVDB:83978 | URL:http://osvdb.org/83978 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-server1-dos(77063) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77063";Assigned (20120316);"None (candidate not yet proposed)"; -5.5.23;5;5;23;CVE-2012-1757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54526 | URL:http://www.securityfocus.com/bid/54526 | OSVDB:83977 | URL:http://osvdb.org/83977 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-innodb1-dos(77062) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77062";Assigned (20120316);"None (candidate not yet proposed)"; -5.1.61;5;1;61;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; -5.5.21;5;5;21;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; -97.15.14;97;15;14;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3144;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-server-cve20123144-dos(79387) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79387";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3147;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-cve20123147(79384) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79384";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3149;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-info-disc(79390) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79390";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.64;5;1;64;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79388";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79388";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.25;5;5;25;CVE-2012-3156;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.64;5;1;64;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79382";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79382";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.65;5;1;65;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79394";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.27;5;5;27;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79394";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.64;5;1;64;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79381";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79381";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.63;5;1;63;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.25;5;5;25;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.63;5;1;63;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79392";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.25;5;5;25;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79392";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.63;5;1;63;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79386";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.25;5;5;25;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79386";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.65;5;1;65;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79383";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.27;5;5;27;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79383";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.65;5;1;65;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79389";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.27;5;5;27;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79389";Assigned (20120606);"None (candidate not yet proposed)"; -5.1.64;5;1;64;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79393";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79393";Assigned (20120606);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; -5.1.61;5;1;61;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; -5.2.11;5;2;11;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; -5.3.6;5;3;6;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; -5.5.24;5;5;24;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; -5.1.65;5;1;65;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; -5.5.27;5;5;27;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2012-5096;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16877 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16877 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120922);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0367;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17077 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17077 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0368;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17255 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17255 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0371;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16451 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16451 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.28;5;1;28;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0386;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16835 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16835 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.6.9;5;6;9;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.1.67;5;1;67;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.5.29;5;5;29;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.1.67;5;1;67;CVE-2013-1521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.5.29;5;5;29;CVE-2013-1521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.5.29;5;5;29;CVE-2013-1523;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-1523;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.5.29;5;5;29;CVE-2013-1526;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.1.66;5;1;66;CVE-2013-1531;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.5.28;5;5;28;CVE-2013-1531;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.1.63;5;1;63;CVE-2013-1548;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.1.67;5;1;67;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.5.29;5;5;29;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; -5.5.29;5;5;29;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.3.12;5;3;12;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.2.14;5;2;14;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.1.67;5;1;67;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-2381;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; -5.1.68;5;1;68;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; -5.1.68;5;1;68;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3783;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61210 | URL:http://www.securityfocus.com/bid/61210 | OSVDB:95332 | URL:http://osvdb.org/95332 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133783(85719) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85719";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85710";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85710";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3795;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61241 | URL:http://www.securityfocus.com/bid/61241 | OSVDB:95324 | URL:http://osvdb.org/95324";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3796;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61233 | URL:http://www.securityfocus.com/bid/61233 | OSVDB:95329 | URL:http://osvdb.org/95329";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3798;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61274 | URL:http://www.securityfocus.com/bid/61274 | OSVDB:95321 | URL:http://osvdb.org/95321";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331";Assigned (20130603);"None (candidate not yet proposed)"; -5.1.69;5;1;69;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)"; -5.1.69;5;1;69;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3806;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3811.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95326 | URL:http://osvdb.org/95326 | XF:oracle-cpujuly2013-cve20133806(85713) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85713";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3807;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95334 | URL:http://osvdb.org/95334 | XF:oracle-cpujuly2013-cve20133807(85721) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85721";Assigned (20130603);"None (candidate not yet proposed)"; -5.1.68;5;1;68;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.30;5;5;30;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85709";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85709";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3810;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95337 | URL:http://osvdb.org/95337 | XF:oracle-cpujuly2013-cve20133810(85724) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85724";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3811;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3806.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95335 | URL:http://osvdb.org/95335 | XF:oracle-cpujuly2013-cve20133811(85722) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85722";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.31;5;5;31;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85723";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85723";Assigned (20130603);"None (candidate not yet proposed)"; -5.1.70;5;1;70;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; -5.5.32;5;5;32;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.12;5;6;12;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; -5.6.12;5;6;12;CVE-2013-5767;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63113 | URL:http://www.securityfocus.com/bid/63113 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.11;5;6;11;CVE-2013-5770;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63119 | URL:http://www.securityfocus.com/bid/63119 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.12;5;6;12;CVE-2013-5786;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5793.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63107 | URL:http://www.securityfocus.com/bid/63107 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.12;5;6;12;CVE-2013-5793;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5786.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63116 | URL:http://www.securityfocus.com/bid/63116 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.32;5;5;32;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.12;5;6;12;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64864 | URL:http://www.securityfocus.com/bid/64864 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135860(90373) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90373";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64885 | URL:http://www.securityfocus.com/bid/64885 | OSVDB:102066 | URL:http://osvdb.org/102066 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135881(90377) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90377";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64854 | URL:http://www.securityfocus.com/bid/64854 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135882(90374) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90374";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64873 | URL:http://www.securityfocus.com/bid/64873 | OSVDB:102065 | URL:http://osvdb.org/102065 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135894(90376) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90376";Assigned (20130918);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714 | SECTRACK:1029708 | URL:http://www.securitytracker.com/id/1029708 | SECUNIA:52161 | URL:http://secunia.com/advisories/52161 | XF:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)"; -02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714 | SECTRACK:1029708 | URL:http://www.securitytracker.com/id/1029708 | SECUNIA:52161 | URL:http://secunia.com/advisories/52161 | XF:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90388";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90388";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64868 | URL:http://www.securityfocus.com/bid/64868 | OSVDB:102072 | URL:http://osvdb.org/102072 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140427(90383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90383";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64893 | URL:http://www.securityfocus.com/bid/64893 | OSVDB:102076 | URL:http://osvdb.org/102076 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140430(90387) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90387";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64897 | URL:http://www.securityfocus.com/bid/64897 | OSVDB:102073 | URL:http://osvdb.org/102073 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140431(90384) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90384";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64895 | URL:http://www.securityfocus.com/bid/64895 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140433(90375) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90375";Assigned (20131212);"None (candidate not yet proposed)"; -5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)"; -5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2434;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66872 | URL:http://www.securityfocus.com/bid/66872";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2435;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66853 | URL:http://www.securityfocus.com/bid/66853";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2442;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2444;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2450;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-2451;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-2484;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRFTS.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-2494;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68593 | URL:http://www.securityfocus.com/bid/68593 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144207(94624) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94624";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68607 | URL:http://www.securityfocus.com/bid/68607 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144214(94627) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94627";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68598 | URL:http://www.securityfocus.com/bid/68598 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144233(94625) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94625";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68587 | URL:http://www.securityfocus.com/bid/68587 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144238(94623) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94623";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68602 | URL:http://www.securityfocus.com/bid/68602 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144240(94626) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94626";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94628";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94628";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94620";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94620";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94621";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94621";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6474;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6489;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70525 | URL:http://www.securityfocus.com/bid/70525";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6520;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70510 | URL:http://www.securityfocus.com/bid/70510";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70511 | URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100191";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100191";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100185";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100185";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100184";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100184";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100190";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100186";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100186";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72223 | URL:http://www.securityfocus.com/bid/72223 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100188";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100183";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100183";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72217 | URL:http://www.securityfocus.com/bid/72217 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100187";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74085 | URL:http://www.securityfocus.com/bid/74085 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74081 | URL:http://www.securityfocus.com/bid/74081 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; -2.2.12;2;2;12;CVE-2015-1027;Candidate;"The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.";"CONFIRM:https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | CONFIRM:https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/";Assigned (20150110);"None (candidate not yet proposed)"; -2.2.8;2;2;8;CVE-2015-1027;Candidate;"The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.";"CONFIRM:https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | CONFIRM:https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/";Assigned (20150110);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; -5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75770 | URL:http://www.securityfocus.com/bid/75770 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77232 | URL:http://www.securityfocus.com/bid/77232 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77213 | URL:http://www.securityfocus.com/bid/77213 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77216 | URL:http://www.securityfocus.com/bid/77216 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77134 | URL:http://www.securityfocus.com/bid/77134 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77170 | URL:http://www.securityfocus.com/bid/77170 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77147 | URL:http://www.securityfocus.com/bid/77147 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77132 | URL:http://www.securityfocus.com/bid/77132 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"EXPLOIT-DB:39867 | URL:https://www.exploit-db.com/exploits/39867/ | MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"EXPLOIT-DB:39867 | URL:https://www.exploit-db.com/exploits/39867/ | MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77231 | URL:http://www.securityfocus.com/bid/77231 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77136 | URL:http://www.securityfocus.com/bid/77136 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77219 | URL:http://www.securityfocus.com/bid/77219 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77143 | URL:http://www.securityfocus.com/bid/77143 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77234 | URL:http://www.securityfocus.com/bid/77234 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; -5.6.27;5;6;27;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; -2.17.0;2;17;0;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; -10.0.21;10;0;21;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; -2.21.1;2;21;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; -5.4.42;5;4;42;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; -5.5.26;5;5;26;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; -5.6.10;5;6;10;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -5.7.8;5;7;8;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -10.0.22;10;0;22;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -10.1.9;10;1;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; -3.16.0;3;16;0;CVE-2016-10550;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters; a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.";"MISC:https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03 | MISC:https://nodesecurity.io/advisories/112";Assigned (20171029);"None (candidate not yet proposed)"; -2.1.3;2;1;3;CVE-2016-10553;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier.";"MISC:https://github.com/sequelize/sequelize/blob/master/changelog.md#300 | MISC:https://nodesecurity.io/advisories/109";Assigned (20171029);"None (candidate not yet proposed)"; -1.7.-1;1;7;-1;CVE-2016-10554;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3; sequelize defaulted SQLite to use MySQL backslash escaping; even though SQLite uses Postgres escaping.";"MISC:https://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d | MISC:https://nodesecurity.io/advisories/113";Assigned (20171029);"None (candidate not yet proposed)"; -3.19.3;3;19;3;CVE-2016-10556;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres; SQLite; and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier; where a malicious user could put `[""test""; ""'); DELETE TestTable WHERE Id = 1 --')""]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)'; { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test'; '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres; MSSQL; and SQLite; the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table.";"MISC:https://github.com/sequelize/sequelize/issues/5671 | MISC:https://nodesecurity.io/advisories/102";Assigned (20171029);"None (candidate not yet proposed)"; -5.5.46;5;5;46;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -10.0.22;10;0;22;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -10.1.9;10;1;9;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.6.28;5;6;28;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.7.10;5;7;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3424;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91976 | URL:http://www.securityfocus.com/bid/91976 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-3440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91910 | URL:http://www.securityfocus.com/bid/91910 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.47;5;5;47;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.28;5;6;28;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.9;5;7;9;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.24;10;0;24;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.13;10;1;13;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.24;10;0;24;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.13;10;1;13;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"MISC:https://www.tenable.com/security/research/tra-2016-11 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; -3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"MISC:https://www.tenable.com/security/research/tra-2016-11 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.45;5;5;45;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.26;5;6;26;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.49;5;5;49;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93670 | URL:http://www.securityfocus.com/bid/93670 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3518;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91967 | URL:http://www.securityfocus.com/bid/91967 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.49;5;5;49;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3588;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91983 | URL:http://www.securityfocus.com/bid/91983 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.5.49;5;5;49;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5436;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91906 | URL:http://www.securityfocus.com/bid/91906 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5437;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91917 | URL:http://www.securityfocus.com/bid/91917 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.29;5;6;29;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.49;5;5;49;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -10.0.25;10;0;25;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -10.1.14;10;1;14;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5441;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91915 | URL:http://www.securityfocus.com/bid/91915 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5442;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91974 | URL:http://www.securityfocus.com/bid/91974 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-5443;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91963 | URL:http://www.securityfocus.com/bid/91963 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.47;5;5;47;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.28;5;6;28;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.10;5;7;10;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.48;5;5;48;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -10.0.24;10;0;24;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -10.1.13;10;1;13;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | BID:93678 | URL:http://www.securityfocus.com/bid/93678 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | BID:93678 | URL:http://www.securityfocus.com/bid/93678 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93617 | URL:http://www.securityfocus.com/bid/93617 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93642 | URL:http://www.securityfocus.com/bid/93642 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93642 | URL:http://www.securityfocus.com/bid/93642 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93662 | URL:http://www.securityfocus.com/bid/93662 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | BID:93674 | URL:http://www.securityfocus.com/bid/93674 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | BID:93674 | URL:http://www.securityfocus.com/bid/93674 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93684 | URL:http://www.securityfocus.com/bid/93684 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93693 | URL:http://www.securityfocus.com/bid/93693 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93702 | URL:http://www.securityfocus.com/bid/93702 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93715 | URL:http://www.securityfocus.com/bid/93715 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; -10.0.26;10;0;26;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; -10.1.16;10;1;16;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -8.0.0;8;0;0;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -10.0.27;10;0;27;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -10.1.17;10;1;17;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; -5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | CONFIRM:https://www.tenable.com/security/tns-2016-19 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | REDHAT:RHSA-2018:1296 | URL:https://access.redhat.com/errata/RHSA-2018:1296 | BID:93005 | URL:http://www.securityfocus.com/bid/93005 | SECTRACK:1036836 | URL:http://www.securitytracker.com/id/1036836";Assigned (20160909);"None (candidate not yet proposed)"; -7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | CONFIRM:https://www.tenable.com/security/tns-2016-19 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | REDHAT:RHSA-2018:1296 | URL:https://access.redhat.com/errata/RHSA-2018:1296 | BID:93005 | URL:http://www.securityfocus.com/bid/93005 | SECTRACK:1036836 | URL:http://www.securitytracker.com/id/1036836";Assigned (20160909);"None (candidate not yet proposed)"; -5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93755 | URL:http://www.securityfocus.com/bid/93755 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93755 | URL:http://www.securityfocus.com/bid/93755 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93745 | URL:http://www.securityfocus.com/bid/93745 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93727 | URL:http://www.securityfocus.com/bid/93727 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93740 | URL:http://www.securityfocus.com/bid/93740 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93740 | URL:http://www.securityfocus.com/bid/93740 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93720 | URL:http://www.securityfocus.com/bid/93720 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93733 | URL:http://www.securityfocus.com/bid/93733 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95557 | URL:http://www.securityfocus.com/bid/95557 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95557 | URL:http://www.securityfocus.com/bid/95557 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10155;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101402 | URL:http://www.securityfocus.com/bid/101402 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10155;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101402 | URL:http://www.securityfocus.com/bid/101402 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10165;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101424 | URL:http://www.securityfocus.com/bid/101424 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10167;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101433 | URL:http://www.securityfocus.com/bid/101433 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10227;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101337 | URL:http://www.securityfocus.com/bid/101337 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10227;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101337 | URL:http://www.securityfocus.com/bid/101337 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.5.57;5;5;57;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101441 | URL:http://www.securityfocus.com/bid/101441 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101441 | URL:http://www.securityfocus.com/bid/101441 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-10279;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101316 | URL:http://www.securityfocus.com/bid/101316 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-10279;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101316 | URL:http://www.securityfocus.com/bid/101316 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101420 | URL:http://www.securityfocus.com/bid/101420 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101420 | URL:http://www.securityfocus.com/bid/101420 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-10284;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101385 | URL:http://www.securityfocus.com/bid/101385 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101397 | URL:http://www.securityfocus.com/bid/101397 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101397 | URL:http://www.securityfocus.com/bid/101397 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10294;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101444 | URL:http://www.securityfocus.com/bid/101444 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10294;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101444 | URL:http://www.securityfocus.com/bid/101444 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-10296;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101373 | URL:http://www.securityfocus.com/bid/101373 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10311;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101446 | URL:http://www.securityfocus.com/bid/101446 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101448 | URL:http://www.securityfocus.com/bid/101448 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10314;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101314 | URL:http://www.securityfocus.com/bid/101314 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10314;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101314 | URL:http://www.securityfocus.com/bid/101314 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101410 | URL:http://www.securityfocus.com/bid/101410 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-10365;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101429 | URL:http://www.securityfocus.com/bid/101429 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.5.57;5;5;57;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.5.57;5;5;57;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.5.57;5;5;57;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.6.37;5;6;37;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; -10.1.29;10;1;29;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; -10.2.9;10;2;9;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; -5.0.-1;5;0;-1;CVE-2017-16540;Candidate;"OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.";"MISC:http://www.open-emr.org/wiki/index.php/OpenEMR_Patches | MISC:https://isears.github.io/jekyll/update/2017/10/28/openemr-database-disclosure.html | BID:101983 | URL:http://www.securityfocus.com/bid/101983";Assigned (20171104);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95538 | URL:http://www.securityfocus.com/bid/95538 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95482 | URL:http://www.securityfocus.com/bid/95482 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95486 | URL:http://www.securityfocus.com/bid/95486 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95589 | URL:http://www.securityfocus.com/bid/95589 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95589 | URL:http://www.securityfocus.com/bid/95589 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95583 | URL:http://www.securityfocus.com/bid/95583 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95583 | URL:http://www.securityfocus.com/bid/95583 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -3.2.1182;3;2;1182;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -3.3.2;3;3;2;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -3.1.6;3;1;6;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -3.2.1182;3;2;1182;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -3.3.2;3;3;2;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95479 | URL:http://www.securityfocus.com/bid/95479 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95470 | URL:http://www.securityfocus.com/bid/95470 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.11;5;7;11;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97779 | URL:http://www.securityfocus.com/bid/97779 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97791 | URL:http://www.securityfocus.com/bid/97791 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97820 | URL:http://www.securityfocus.com/bid/97820 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97845 | URL:http://www.securityfocus.com/bid/97845 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97837 | URL:http://www.securityfocus.com/bid/97837 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97847 | URL:http://www.securityfocus.com/bid/97847 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3460;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97826 | URL:http://www.securityfocus.com/bid/97826 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97822 | URL:http://www.securityfocus.com/bid/97822 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97825 | URL:http://www.securityfocus.com/bid/97825 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97848 | URL:http://www.securityfocus.com/bid/97848 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3529;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99746 | URL:http://www.securityfocus.com/bid/99746 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"EXPLOIT-DB:41954 | URL:https://www.exploit-db.com/exploits/41954/ | MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"EXPLOIT-DB:41954 | URL:https://www.exploit-db.com/exploits/41954/ | MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.54;5;5;54;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.35;5;6;35;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.17;5;7;17;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3633;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99722 | URL:http://www.securityfocus.com/bid/99722 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3633;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99722 | URL:http://www.securityfocus.com/bid/99722 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99729 | URL:http://www.securityfocus.com/bid/99729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99729 | URL:http://www.securityfocus.com/bid/99729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.56;5;5;56;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99736 | URL:http://www.securityfocus.com/bid/99736 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99736 | URL:http://www.securityfocus.com/bid/99736 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3637;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99748 | URL:http://www.securityfocus.com/bid/99748 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3638;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99778 | URL:http://www.securityfocus.com/bid/99778 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3639;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99753 | URL:http://www.securityfocus.com/bid/99753 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99765 | URL:http://www.securityfocus.com/bid/99765 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.56;5;5;56;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3642;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99779 | URL:http://www.securityfocus.com/bid/99779 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3643;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99772 | URL:http://www.securityfocus.com/bid/99772 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3644;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99775 | URL:http://www.securityfocus.com/bid/99775 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99783 | URL:http://www.securityfocus.com/bid/99783 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.16;5;7;16;CVE-2017-3646;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99786 | URL:http://www.securityfocus.com/bid/99786 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99796 | URL:http://www.securityfocus.com/bid/99796 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99796 | URL:http://www.securityfocus.com/bid/99796 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.56;5;5;56;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99789 | URL:http://www.securityfocus.com/bid/99789 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99789 | URL:http://www.securityfocus.com/bid/99789 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99789 | URL:http://www.securityfocus.com/bid/99789 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3649;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99799 | URL:http://www.securityfocus.com/bid/99799 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3649;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99799 | URL:http://www.securityfocus.com/bid/99799 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3650;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99808 | URL:http://www.securityfocus.com/bid/99808 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.56;5;5;56;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99802 | URL:http://www.securityfocus.com/bid/99802 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99802 | URL:http://www.securityfocus.com/bid/99802 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99802 | URL:http://www.securityfocus.com/bid/99802 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.56;5;5;56;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.56;5;5;56;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.6.36;5;6;36;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.7.18;5;7;18;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; -5.5.58;5;5;58;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2565;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102712 | URL:http://www.securityfocus.com/bid/102712 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102710 | URL:http://www.securityfocus.com/bid/102710 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102710 | URL:http://www.securityfocus.com/bid/102710 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2576;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102695 | URL:http://www.securityfocus.com/bid/102695 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102708 | URL:http://www.securityfocus.com/bid/102708 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102708 | URL:http://www.securityfocus.com/bid/102708 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2586;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102700 | URL:http://www.securityfocus.com/bid/102700 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102697 | URL:http://www.securityfocus.com/bid/102697 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102697 | URL:http://www.securityfocus.com/bid/102697 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | BID:102714 | URL:http://www.securityfocus.com/bid/102714 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.19;5;7;19;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | BID:102714 | URL:http://www.securityfocus.com/bid/102714 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102696 | URL:http://www.securityfocus.com/bid/102696 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102709 | URL:http://www.securityfocus.com/bid/102709 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102709 | URL:http://www.securityfocus.com/bid/102709 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.58;5;5;58;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.58;5;5;58;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102698 | URL:http://www.securityfocus.com/bid/102698 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102698 | URL:http://www.securityfocus.com/bid/102698 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2646;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102703 | URL:http://www.securityfocus.com/bid/102703 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102711 | URL:http://www.securityfocus.com/bid/102711 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102711 | URL:http://www.securityfocus.com/bid/102711 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.58;5;5;58;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2667;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102685 | URL:http://www.securityfocus.com/bid/102685 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.58;5;5;58;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102701 | URL:http://www.securityfocus.com/bid/102701 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102701 | URL:http://www.securityfocus.com/bid/102701 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.38;5;6;38;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102704 | URL:http://www.securityfocus.com/bid/102704 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.20;5;7;20;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102704 | URL:http://www.securityfocus.com/bid/102704 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.59;5;5;59;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103807 | URL:http://www.securityfocus.com/bid/103807 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103807 | URL:http://www.securityfocus.com/bid/103807 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103807 | URL:http://www.securityfocus.com/bid/103807 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2758;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103802 | URL:http://www.securityfocus.com/bid/103802 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2758;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103802 | URL:http://www.securityfocus.com/bid/103802 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2759;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103780 | URL:http://www.securityfocus.com/bid/103780 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.59;5;5;59;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103820 | URL:http://www.securityfocus.com/bid/103820 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103820 | URL:http://www.securityfocus.com/bid/103820 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103820 | URL:http://www.securityfocus.com/bid/103820 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2762;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103794 | URL:http://www.securityfocus.com/bid/103794 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2766;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103805 | URL:http://www.securityfocus.com/bid/103805 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2766;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103805 | URL:http://www.securityfocus.com/bid/103805 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.60;5;5;60;CVE-2018-2767;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:103954 | URL:http://www.securityfocus.com/bid/103954 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.40;5;6;40;CVE-2018-2767;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:103954 | URL:http://www.securityfocus.com/bid/103954 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-2767;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:103954 | URL:http://www.securityfocus.com/bid/103954 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2769;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103876 | URL:http://www.securityfocus.com/bid/103876 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.59;5;5;59;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103828 | URL:http://www.securityfocus.com/bid/103828 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103828 | URL:http://www.securityfocus.com/bid/103828 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103828 | URL:http://www.securityfocus.com/bid/103828 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.59;5;5;59;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103811 | URL:http://www.securityfocus.com/bid/103811 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103811 | URL:http://www.securityfocus.com/bid/103811 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103811 | URL:http://www.securityfocus.com/bid/103811 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2775;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103777 | URL:http://www.securityfocus.com/bid/103777 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2776;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103791 | URL:http://www.securityfocus.com/bid/103791 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2777;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103781 | URL:http://www.securityfocus.com/bid/103781 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2778;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103785 | URL:http://www.securityfocus.com/bid/103785 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2779;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103787 | URL:http://www.securityfocus.com/bid/103787 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2780;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103778 | URL:http://www.securityfocus.com/bid/103778 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.59;5;5;59;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103825 | URL:http://www.securityfocus.com/bid/103825 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103825 | URL:http://www.securityfocus.com/bid/103825 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103825 | URL:http://www.securityfocus.com/bid/103825 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2782;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103799 | URL:http://www.securityfocus.com/bid/103799 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2782;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103799 | URL:http://www.securityfocus.com/bid/103799 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2784;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103801 | URL:http://www.securityfocus.com/bid/103801 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2784;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103801 | URL:http://www.securityfocus.com/bid/103801 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2786;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103779 | URL:http://www.securityfocus.com/bid/103779 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2787;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103804 | URL:http://www.securityfocus.com/bid/103804 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2787;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103804 | URL:http://www.securityfocus.com/bid/103804 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2805;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | BID:103831 | URL:http://www.securityfocus.com/bid/103831 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2810;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103783 | URL:http://www.securityfocus.com/bid/103783 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2812;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103836 | URL:http://www.securityfocus.com/bid/103836 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.59;5;5;59;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103830 | URL:http://www.securityfocus.com/bid/103830 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103830 | URL:http://www.securityfocus.com/bid/103830 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103830 | URL:http://www.securityfocus.com/bid/103830 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2816;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103789 | URL:http://www.securityfocus.com/bid/103789 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.59;5;5;59;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103818 | URL:http://www.securityfocus.com/bid/103818 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103818 | URL:http://www.securityfocus.com/bid/103818 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103818 | URL:http://www.securityfocus.com/bid/103818 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.59;5;5;59;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103824 | URL:http://www.securityfocus.com/bid/103824 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103824 | URL:http://www.securityfocus.com/bid/103824 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103824 | URL:http://www.securityfocus.com/bid/103824 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.59;5;5;59;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103814 | URL:http://www.securityfocus.com/bid/103814 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.39;5;6;39;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103814 | URL:http://www.securityfocus.com/bid/103814 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103814 | URL:http://www.securityfocus.com/bid/103814 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2839;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103845 | URL:http://www.securityfocus.com/bid/103845 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.21;5;7;21;CVE-2018-2846;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103790 | URL:http://www.securityfocus.com/bid/103790 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3054;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3054;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3056;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3056;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.60;5;5;60;CVE-2018-3058;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.40;5;6;40;CVE-2018-3058;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3058;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3060;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3060;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3061;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104785 | URL:http://www.securityfocus.com/bid/104785 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.40;5;6;40;CVE-2018-3062;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3062;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3062;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.60;5;5;60;CVE-2018-3063;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104786 | URL:http://www.securityfocus.com/bid/104786 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.40;5;6;40;CVE-2018-3064;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3064;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3064;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3065;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3065;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.60;5;5;60;CVE-2018-3066;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.40;5;6;40;CVE-2018-3066;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3066;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3067;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.5.60;5;5;60;CVE-2018-3070;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.6.40;5;6;40;CVE-2018-3070;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3070;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3071;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104784 | URL:http://www.securityfocus.com/bid/104784 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3073;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3074;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3075;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -5.7.22;5;7;22;CVE-2018-3077;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3077;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3078;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3079;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3080;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3082;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -8.0.11;8;0;11;CVE-2018-3084;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104788 | URL:http://www.securityfocus.com/bid/104788 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; -0.37.12;0;37;12;CVE-2018-6617;Candidate;"Easy Hosting Control Panel (EHCP) v0.37.12.b; when using a local MySQL server; allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.";"MISC:http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt | MISC:http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html";Assigned (20180204);"None (candidate not yet proposed)"; +4.0.20;4;0;20;CVE-2004-0457;Candidate;"The mysqlhotcopy script in mysql 4.0.20 and earlier; when using the scp method from the mysql-server package; allows local users to overwrite arbitrary files via a symlink attack on temporary files.";"DEBIAN:DSA-540 | URL:http://www.debian.org/security/2004/dsa-540 | CONFIRM:http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | OVAL:oval:org.mitre.oval:def:10693 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10693 | XF:mysql-mysqlhotcopy-insecure-file(17030) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17030";Assigned (20040506);"None (candidate not yet proposed)"; +4.0.20;4;0;20;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)"; +3.23.48;3;23;48;CVE-2004-0836;Candidate;"Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21; and 3.x before 3.23.49; allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).";"CONECTIVA:CLA-2004:892 | URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000892 | DEBIAN:DSA-562 | URL:http://www.debian.org/security/2004/dsa-562 | GENTOO:GLSA-200410-22 | URL:http://www.gentoo.org/security/en/glsa/glsa-200410-22.xml | MISC:http://bugs.mysql.com/bug.php?id=4017 | MISC:http://lists.mysql.com/internals/14726 | REDHAT:RHSA-2004:597 | URL:http://www.redhat.com/support/errata/RHSA-2004-597.html | REDHAT:RHSA-2004:611 | URL:http://www.redhat.com/support/errata/RHSA-2004-611.html | TRUSTIX:2004-0054 | URL:http://www.trustix.org/errata/2004/0054/ | BUGTRAQ:20041125 [USN-32-1] mysql vulnerabilities | URL:http://marc.info/?l=bugtraq&m=110140517515735&w=2 | CIAC:P-018 | URL:http://www.ciac.org/ciac/bulletins/p-018.shtml | BID:10981 | URL:http://www.securityfocus.com/bid/10981 | SECUNIA:12305 | URL:http://secunia.com/advisories/12305/ | XF:mysql-realconnect-bo(17047) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/17047";Assigned (20040908);"None (candidate not yet proposed)"; +4.1.9;4;1;9;CVE-2005-0799;Candidate;"MySQL 4.1.9; and possibly earlier versions; allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.";"BUGTRAQ:20050315 Denial of Service Vulnerability in MySQL Server for Windows | URL:http://marc.info/?l=bugtraq&m=111091250923281&w=2 | CONFIRM:http://bugs.mysql.com/bug.php?id=9148 | SECUNIA:14564 | URL:http://secunia.com/advisories/14564";Assigned (20050320);"None (candidate not yet proposed)"; +4.1.20;4;1;20;CVE-2006-3469;Candidate;"Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function; which is later used in a formatted print call to display the error message.";"MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375694 | MISC:http://bugs.mysql.com/bug.php?id=20729 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html | CONFIRM:http://docs.info.apple.com/article.html?artnum=305214 | APPLE:APPLE-SA-2007-03-13 | URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | DEBIAN:DSA-1112 | URL:http://www.debian.org/security/2006/dsa-1112 | GENTOO:GLSA-200608-09 | URL:http://security.gentoo.org/glsa/glsa-200608-09.xml | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | UBUNTU:USN-321-1 | URL:http://www.ubuntu.com/usn/usn-321-1 | CERT:TA07-072A | URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html | BID:19032 | URL:http://www.securityfocus.com/bid/19032 | OVAL:oval:org.mitre.oval:def:9827 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9827 | VUPEN:ADV-2007-0930 | URL:http://www.vupen.com/english/advisories/2007/0930 | SECUNIA:21147 | URL:http://secunia.com/advisories/21147 | SECUNIA:21366 | URL:http://secunia.com/advisories/21366 | SECUNIA:24479 | URL:http://secunia.com/advisories/24479 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226";Assigned (20060710);"None (candidate not yet proposed)"; +4.1.22;4;1;22;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.41;5;0;41;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.1.17;5;1;17;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-2691;Candidate;"MySQL before 4.1.23; 5.0.x before 5.0.42; and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements; which allows remote authenticated users to rename arbitrary tables.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27515 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:139 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:139 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0768 | URL:http://www.redhat.com/support/errata/RHSA-2008-0768.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:24016 | URL:http://www.securityfocus.com/bid/24016 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OSVDB:34766 | URL:http://osvdb.org/34766 | OVAL:oval:org.mitre.oval:def:9559 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9559 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1018069 | URL:http://www.securitytracker.com/id?1018069 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:25946 | URL:http://secunia.com/advisories/25946 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:31226 | URL:http://secunia.com/advisories/31226 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222 | XF:mysql-renametable-weak-security(34347) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34347";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.39;5;0;39;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)"; +5.1.17;5;1;17;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-2692;Candidate;"The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines; which allows remote authenticated users to gain privileges.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=27337 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-18.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:24011 | URL:http://www.securityfocus.com/bid/24011 | OSVDB:34765 | URL:http://osvdb.org/34765 | OVAL:oval:org.mitre.oval:def:9166 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9166 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351 | VUPEN:ADV-2007-1804 | URL:http://www.vupen.com/english/advisories/2007/1804 | SECTRACK:1018070 | URL:http://www.securitytracker.com/id?1018070 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | XF:mysql-changedb-privilege-escalation(34348) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/34348";Assigned (20070515);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-3780;Candidate;"MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=28984 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2007:0875 | URL:http://www.redhat.com/support/errata/RHSA-2007-0875.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:36732 | URL:http://osvdb.org/36732 | OVAL:oval:org.mitre.oval:def:11058 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11058 | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | SECTRACK:1018629 | URL:http://www.securitytracker.com/id?1018629 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26621 | URL:http://secunia.com/advisories/26621 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823";Assigned (20070715);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-3781;Candidate;"MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement; which allows remote authenticated users to obtain sensitive information such as the table structure.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | MISC:http://bugs.mysql.com/bug.php?id=25578 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200708-10 | URL:http://security.gentoo.org/glsa/glsa-200708-10.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OSVDB:37783 | URL:http://osvdb.org/37783 | OVAL:oval:org.mitre.oval:def:9195 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9195 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26498 | URL:http://secunia.com/advisories/26498 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; +5.0.44;5;0;44;CVE-2007-3782;Candidate;"MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.";"BUGTRAQ:20070717 rPSA-2007-0143-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/473874/100/0/threaded | MLIST:[announce] 20070712 MySQL Community Server 5.0.45 has been released! | URL:http://lists.mysql.com/announce/470 | CONFIRM:https://issues.rpath.com/browse/RPL-1536 | CONFIRM:http://bugs.mysql.com/bug.php?id=27878 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-45.html | DEBIAN:DSA-1413 | URL:http://www.debian.org/security/2007/dsa-1413 | MANDRIVA:MDKSA-2007:177 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:177 | REDHAT:RHSA-2007:0894 | URL:http://www.redhat.com/support/errata/RHSA-2007-0894.html | REDHAT:RHSA-2008:0364 | URL:http://www.redhat.com/support/errata/RHSA-2008-0364.html | SUSE:SUSE-SR:2007:019 | URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html | UBUNTU:USN-528-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-528-1 | BID:25017 | URL:http://www.securityfocus.com/bid/25017 | OVAL:oval:org.mitre.oval:def:10563 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10563 | SECTRACK:1018663 | URL:http://securitytracker.com/id?1018663 | SECUNIA:26073 | URL:http://secunia.com/advisories/26073 | SECUNIA:26710 | URL:http://secunia.com/advisories/26710 | SECUNIA:25301 | URL:http://secunia.com/advisories/25301 | SECUNIA:26987 | URL:http://secunia.com/advisories/26987 | SECUNIA:27155 | URL:http://secunia.com/advisories/27155 | SECUNIA:26430 | URL:http://secunia.com/advisories/26430 | SECUNIA:27823 | URL:http://secunia.com/advisories/27823 | SECUNIA:30351 | URL:http://secunia.com/advisories/30351";Assigned (20070715);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; +5.0.51;5;0;51;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-5969;Candidate;"MySQL Community Server 5.0.x before 5.0.51; Enterprise Server 5.0.x before 5.0.52; Server 5.1.x before 5.1.23; and Server 6.0.x before 6.0.4; when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options; allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.";"BUGTRAQ:20080117 rPSA-2008-0018-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/486477/100/0/threaded | MLIST:[Announcements] 20071206 MySQL 5.0.51 has been released | URL:http://lists.mysql.com/announce/495 | CONFIRM:http://bugs.mysql.com/32111 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://forums.mysql.com/read.php?3;186931;186931 | CONFIRM:https://issues.rpath.com/browse/RPL-1999 | CONFIRM:http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html | CONFIRM:http://support.apple.com/kb/HT3216 | APPLE:APPLE-SA-2008-10-09 | URL:http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDKSA-2007:243 | URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:243 | REDHAT:RHSA-2007:1155 | URL:http://www.redhat.com/support/errata/RHSA-2007-1155.html | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SLACKWARE:SSA:2007-348-01 | URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.428959 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26765 | URL:http://www.securityfocus.com/bid/26765 | BID:31681 | URL:http://www.securityfocus.com/bid/31681 | OVAL:oval:org.mitre.oval:def:10509 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10509 | VUPEN:ADV-2007-4142 | URL:http://www.vupen.com/english/advisories/2007/4142 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | VUPEN:ADV-2008-1000 | URL:http://www.vupen.com/english/advisories/2008/1000/references | VUPEN:ADV-2008-2780 | URL:http://www.vupen.com/english/advisories/2008/2780 | SECTRACK:1019060 | URL:http://www.securitytracker.com/id?1019060 | SECUNIA:27981 | URL:http://secunia.com/advisories/27981 | SECUNIA:28040 | URL:http://secunia.com/advisories/28040 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28108 | URL:http://secunia.com/advisories/28108 | SECUNIA:28099 | URL:http://secunia.com/advisories/28099 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28559 | URL:http://secunia.com/advisories/28559 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | SECUNIA:32222 | URL:http://secunia.com/advisories/32222";Assigned (20071114);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-6303;Candidate;"MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered; which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29908 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | FEDORA:FEDORA-2007-4465 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00467.html | FEDORA:FEDORA-2007-4471 | URL:https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00475.html | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | REDHAT:RHSA-2007:1157 | URL:http://www.redhat.com/support/errata/RHSA-2007-1157.html | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-588-1 | URL:http://www.ubuntu.com/usn/usn-588-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28025 | URL:http://secunia.com/advisories/28025 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29443 | URL:http://secunia.com/advisories/29443 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-definer-value-privilege-escalation(38989) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38989";Assigned (20071210);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-6304;Candidate;"The federated engine in MySQL 5.0.x before 5.0.51a; 5.1.x before 5.1.23; and 6.0.x before 6.0.4; when performing a certain SHOW TABLE STATUS query; allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.";"BUGTRAQ:20080205 rPSA-2008-0040-1 mysql mysql-bench mysql-server | URL:http://www.securityfocus.com/archive/1/archive/1/487606/100/0/threaded | CONFIRM:http://bugs.mysql.com/bug.php?id=29801 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-4.html | CONFIRM:http://lists.mysql.com/announce/502 | CONFIRM:https://issues.rpath.com/browse/RPL-2187 | CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0040 | DEBIAN:DSA-1451 | URL:http://www.debian.org/security/2008/dsa-1451 | GENTOO:GLSA-200804-04 | URL:http://security.gentoo.org/glsa/glsa-200804-04.xml | MANDRIVA:MDVSA-2008:017 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:017 | MANDRIVA:MDVSA-2008:028 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:028 | SUSE:SUSE-SR:2008:003 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html | UBUNTU:USN-559-1 | URL:http://www.ubuntulinux.org/support/documentation/usn/usn-559-1 | BID:26832 | URL:http://www.securityfocus.com/bid/26832 | OSVDB:42609 | URL:http://osvdb.org/42609 | VUPEN:ADV-2007-4198 | URL:http://www.vupen.com/english/advisories/2007/4198 | SECTRACK:1019085 | URL:http://securitytracker.com/id?1019085 | SECUNIA:28063 | URL:http://secunia.com/advisories/28063 | SECUNIA:28128 | URL:http://secunia.com/advisories/28128 | SECUNIA:28343 | URL:http://secunia.com/advisories/28343 | SECUNIA:28637 | URL:http://secunia.com/advisories/28637 | SECUNIA:28739 | URL:http://secunia.com/advisories/28739 | SECUNIA:28838 | URL:http://secunia.com/advisories/28838 | SECUNIA:29706 | URL:http://secunia.com/advisories/29706 | XF:mysql-federated-engine-dos(38990) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/38990";Assigned (20071210);"None (candidate not yet proposed)"; +5.1.22;5;1;22;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; +6.0.3;6;0;3;CVE-2007-6313;Candidate;"MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG; which allows remote authorized users to execute arbitrary BINLOG statements.";"CONFIRM:http://bugs.mysql.com/31611 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html | SECTRACK:1019083 | URL:http://www.securitytracker.com/id?1019083 | VUPEN:ADV-2008-0560 | URL:http://www.vupen.com/english/advisories/2008/0560/references | OSVDB:43179 | URL:http://osvdb.org/43179";Assigned (20071211);"None (candidate not yet proposed)"; +5.0.65;5;0;65;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)"; +5.1.25;5;1;25;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)"; +6.0.5;6;0;5;CVE-2008-3963;Candidate;"MySQL 5.0 before 5.0.66; 5.1 before 5.1.26; and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token; aka an empty bit-string literal; which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.";"MLIST:[oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/4 | MLIST:[oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash | URL:http://www.openwall.com/lists/oss-security/2008/09/09/7 | CONFIRM:http://bugs.mysql.com/bug.php?id=35658 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html | CONFIRM:http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html | CONFIRM:https://bugs.gentoo.org/237166 | DEBIAN:DSA-1783 | URL:http://www.debian.org/security/2009/dsa-1783 | MANDRIVA:MDVSA-2009:094 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | REDHAT:RHSA-2009:1067 | URL:http://www.redhat.com/support/errata/RHSA-2009-1067.html | REDHAT:RHSA-2009:1289 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | SUSE:SUSE-SR:2008:025 | URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html | UBUNTU:USN-671-1 | URL:http://www.ubuntu.com/usn/USN-671-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | OVAL:oval:org.mitre.oval:def:10521 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10521 | SECUNIA:34907 | URL:http://secunia.com/advisories/34907 | SECUNIA:32769 | URL:http://secunia.com/advisories/32769 | SECUNIA:36566 | URL:http://secunia.com/advisories/36566 | VUPEN:ADV-2008-2554 | URL:http://www.vupen.com/english/advisories/2008/2554 | SECTRACK:1020858 | URL:http://www.securitytracker.com/id?1020858 | SECUNIA:31769 | URL:http://secunia.com/advisories/31769 | SECUNIA:32759 | URL:http://secunia.com/advisories/32759 | XF:mysql-bitstring-dos(45042) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45042";Assigned (20080909);"None (candidate not yet proposed)"; +5.0.87;5;0;87;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; +5.1.40;5;1;40;CVE-2009-4028;Candidate;"The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41; when OpenSSL is used; accepts a value of zero for the depth of X.509 certificates; which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate; as demonstrated by a certificate presented by a server linked against the yaSSL library.";"MLIST:[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320 | URL:http://lists.mysql.com/commits/87446 | MLIST:[oss-security] 20091119 mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/19/3 | MLIST:[oss-security] 20091121 CVE Request - MySQL - 5.0.88 | URL:http://marc.info/?l=oss-security&m=125881733826437&w=2 | MLIST:[oss-security] 20091123 Re: mysql-5.1.41 | URL:http://www.openwall.com/lists/oss-security/2009/11/23/16 | CONFIRM:http://bugs.mysql.com/47320 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | REDHAT:RHSA-2010:0109 | URL:http://www.redhat.com/support/errata/RHSA-2010-0109.html | SUSE:SUSE-SR:2010:011 | URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | OVAL:oval:org.mitre.oval:def:10940 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | OVAL:oval:org.mitre.oval:def:8510 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510 | VUPEN:ADV-2010-1107 | URL:http://www.vupen.com/english/advisories/2010/1107";Assigned (20091120);"None (candidate not yet proposed)"; +1.9.8;1;9;8;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.0.89;5;0;89;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.1.42;5;1;42;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.5.-1;5;5;-1;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.0.50;5;0;50;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +37.1.0;37;1;0;CVE-2009-4484;Candidate;"Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9; as used in mysqld in MySQL 5.0.x before 5.0.90; MySQL 5.1.x before 5.1.43; MySQL 5.5.x through 5.5.0-m2; and other products; allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field; as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.";"MLIST:[dailydave] 20100106 0day demos | URL:http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html | MLIST:[commits] 20100113 bzr commit into mysql-5.0-bugteam branch (ramil:2838) Bug#50227 | URL:http://lists.mysql.com/commits/96697 | MLIST:[dailydave] 20100126 New db bugs | URL:http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html | MISC:http://intevydis.com/vd-list.shtml | MISC:http://www.intevydis.com/blog/?p=57 | MISC:http://intevydis.com/mysql_demo.html | MISC:http://isc.sans.org/diary.html?storyid=7900 | MISC:http://www.intevydis.com/blog/?p=106 | MISC:http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html | MISC:http://intevydis.com/mysql_overflow1.py.txt | MISC:http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname | CONFIRM:http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 | CONFIRM:http://bugs.mysql.com/bug.php?id=50227 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html | CONFIRM:http://www.yassl.com/news.html#yassl199 | CONFIRM:http://www.yassl.com/release.html | CONFIRM:http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=555313 | DEBIAN:DSA-1997 | URL:http://www.debian.org/security/2010/dsa-1997 | UBUNTU:USN-897-1 | URL:http://ubuntu.com/usn/usn-897-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:37640 | URL:http://www.securityfocus.com/bid/37640 | BID:37943 | URL:http://www.securityfocus.com/bid/37943 | BID:37974 | URL:http://www.securityfocus.com/bid/37974 | OSVDB:61956 | URL:http://www.osvdb.org/61956 | SECTRACK:1023402 | URL:http://securitytracker.com/id?1023402 | SECTRACK:1023513 | URL:http://securitytracker.com/id?1023513 | SECUNIA:37493 | URL:http://secunia.com/advisories/37493 | SECUNIA:38344 | URL:http://secunia.com/advisories/38344 | SECUNIA:38364 | URL:http://secunia.com/advisories/38364 | SECUNIA:38573 | URL:http://secunia.com/advisories/38573 | SECUNIA:38517 | URL:http://secunia.com/advisories/38517 | VUPEN:ADV-2010-0233 | URL:http://www.vupen.com/english/advisories/2010/0233 | VUPEN:ADV-2010-0236 | URL:http://www.vupen.com/english/advisories/2010/0236 | XF:mysql-unspecified-bo(55416) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/55416";Assigned (20091230);"None (candidate not yet proposed)"; +5.0.92;5;0;92;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; +5.1.49;5;1;49;CVE-2009-5026;Candidate;"The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50; when running in certain slave configurations in which the slave is running a newer version than the master; allows remote attackers to execute arbitrary SQL commands via custom comments.";"MLIST:[oss-security] 20111018 Re: MySQL executable comment execution on MySQL slave server (from 2009) | URL:http://seclists.org/oss-sec/2011/q4/101 | CONFIRM:http://bugs.mysql.com/bug.php?id=49124 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-93.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640177 | SUSE:SUSE-SU-2012:0984 | URL:http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00007.html | SECUNIA:49179 | URL:http://secunia.com/advisories/49179";Assigned (20101209);"None (candidate not yet proposed)"; +5.1.47;5;1;47;CVE-2010-2008;Candidate;"MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot); .. (dot dot); ../ (dot dot slash) or similar sequence; and an UPGRADE DATA DIRECTORY NAME command; which causes MySQL to move certain directories to the server data directory.";"CONFIRM:http://bugs.mysql.com/bug.php?id=53804 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-48.html | FEDORA:FEDORA-2010-11135 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044546.html | MANDRIVA:MDVSA-2010:155 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:155 | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:41198 | URL:http://www.securityfocus.com/bid/41198 | OVAL:oval:org.mitre.oval:def:11869 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11869 | SECTRACK:1024160 | URL:http://www.securitytracker.com/id?1024160 | SECUNIA:40333 | URL:http://secunia.com/advisories/40333 | SECUNIA:40762 | URL:http://secunia.com/advisories/40762 | VUPEN:ADV-2010-1918 | URL:http://www.vupen.com/english/advisories/2010/1918";Assigned (20100521);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3833;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 does not properly propagate type errors; which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST; related to KILL_BAD_DATA and a ""CREATE TABLE ... SELECT.""";"MISC:http://bugs.mysql.com/bug.php?id=55826 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640751 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-extremevalue-dos(64845) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64845";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3834;Candidate;"Unspecified vulnerability in MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to ""materializing a derived table that required a temporary table for grouping"" and ""user variable assignments.""";"MISC:http://bugs.mysql.com/bug.php?id=55568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640808 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-derived-table-dos(64844) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64844";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64843";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3835;Candidate;"MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY; then causing the expression value to be used after the table is created; which causes the expression to be re-evaluated instead of accessing its value from the table.";"MISC:http://bugs.mysql.com/bug.php?id=55564 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640819 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-uservariable-dos(64843) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64843";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3836;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation; pre-evaluation of LIKE predicates; and IN Optimizers.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54568 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640845 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-view-preparation-dos(64842) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64842";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3837;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier; probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.";"CONFIRM:http://bugs.mysql.com/bug.php?id=54476 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640856 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-prepared-statement-dos(64841) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64841";Assigned (20101007);"None (candidate not yet proposed)"; +5.0.91;5;0;91;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)"; +5.5.5;5;5;5;CVE-2010-3838;Candidate;"MySQL 5.0 before 5.0.92; 5.1 before 5.1.51; and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments; which is not properly handled when the function's result is ""processed using an intermediate temporary table.""";"MISC:http://bugs.mysql.com/bug.php?id=54461 | CONFIRM:http://dev.mysql.com/doc/refman/5.0/en/news-5-0-92.html | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-6.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640858 | CONFIRM:http://support.apple.com/kb/HT4723 | APPLE:APPLE-SA-2011-06-23-1 | URL:http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-longblob-dos(64840) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64840";Assigned (20101007);"None (candidate not yet proposed)"; +5.1.50;5;1;50;CVE-2010-3840;Candidate;"The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.";"MISC:http://lists.mysql.com/commits/117094 | CONFIRM:http://bugs.mysql.com/bug.php?id=51875 | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=640865 | DEBIAN:DSA-2143 | URL:http://www.debian.org/security/2011/dsa-2143 | MANDRIVA:MDVSA-2010:222 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:222 | MANDRIVA:MDVSA-2010:223 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:223 | REDHAT:RHSA-2010:0824 | URL:http://www.redhat.com/support/errata/RHSA-2010-0824.html | REDHAT:RHSA-2010:0825 | URL:http://www.redhat.com/support/errata/RHSA-2010-0825.html | REDHAT:RHSA-2011:0164 | URL:http://www.redhat.com/support/errata/RHSA-2011-0164.html | TURBO:TLSA-2011-3 | URL:http://www.turbolinux.co.jp/security/2011/TLSA-2011-3j.txt | UBUNTU:USN-1017-1 | URL:http://www.ubuntu.com/usn/USN-1017-1 | UBUNTU:USN-1397-1 | URL:http://www.ubuntu.com/usn/USN-1397-1 | BID:43676 | URL:http://www.securityfocus.com/bid/43676 | SECUNIA:42875 | URL:http://secunia.com/advisories/42875 | SECUNIA:42936 | URL:http://secunia.com/advisories/42936 | VUPEN:ADV-2011-0105 | URL:http://www.vupen.com/english/advisories/2011/0105 | VUPEN:ADV-2011-0170 | URL:http://www.vupen.com/english/advisories/2011/0170 | VUPEN:ADV-2011-0345 | URL:http://www.vupen.com/english/advisories/2011/0345 | XF:mysql-gislinestringinitfromwkb-dos(64838) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/64838";Assigned (20101007);"None (candidate not yet proposed)"; +0.9.3;0;9;3;CVE-2011-0432;Candidate;"Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.";"CONFIRM:http://code.google.com/p/pywebdav/updates/list | CONFIRM:http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=677718 | DEBIAN:DSA-2177 | URL:http://www.debian.org/security/2011/dsa-2177 | FEDORA:FEDORA-2011-2427 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html | FEDORA:FEDORA-2011-2460 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html | FEDORA:FEDORA-2011-2470 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html | BID:46655 | URL:http://www.securityfocus.com/bid/46655 | SECUNIA:43571 | URL:http://secunia.com/advisories/43571 | SECUNIA:43602 | URL:http://secunia.com/advisories/43602 | SECUNIA:43703 | URL:http://secunia.com/advisories/43703 | VUPEN:ADV-2011-0553 | URL:http://www.vupen.com/english/advisories/2011/0553 | VUPEN:ADV-2011-0554 | URL:http://www.vupen.com/english/advisories/2011/0554 | VUPEN:ADV-2011-0634 | URL:http://www.vupen.com/english/advisories/2011/0634";Assigned (20110112);"None (candidate not yet proposed)"; +5.1.62;5;1;62;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77061";Assigned (20120111);"None (candidate not yet proposed)"; +5.5.23;5;5;23;CVE-2012-0540;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54551 | URL:http://www.securityfocus.com/bid/54551 | OSVDB:83976 | URL:http://osvdb.org/83976 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-gisextension-dos(77061) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77061";Assigned (20120111);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-0572;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16792 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16792 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-0574;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | HP:HPSBUX02824 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | HP:SSRT100970 | URL:http://marc.info/?l=bugtraq&m=135109152819176&w=2 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17266 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17266 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-0578;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16947 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16947 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.1.60;5;1;60;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.5.19;5;5;19;CVE-2012-0583;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier; and 5.5.19 and earlier; allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53061 | URL:http://www.securityfocus.com/bid/53061 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120111);"None (candidate not yet proposed)"; +5.1.61;5;1;61;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.21;5;5;21;CVE-2012-1688;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability; related to Server DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53067 | URL:http://www.securityfocus.com/bid/53067 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.62;5;1;62;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77065";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.22;5;5;22;CVE-2012-1689;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54547 | URL:http://www.securityfocus.com/bid/54547 | OSVDB:83980 | URL:http://osvdb.org/83980 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-optimizer-dos(77065) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77065";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.61;5;1;61;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.21;5;5;21;CVE-2012-1690;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1703.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53074 | URL:http://www.securityfocus.com/bid/53074 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.19;5;5;19;CVE-2012-1696;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53071 | URL:http://www.securityfocus.com/bid/53071 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.21;5;5;21;CVE-2012-1697;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:53064 | URL:http://www.securityfocus.com/bid/53064 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-1702;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17186 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17186 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.61;5;1;61;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.21;5;5;21;CVE-2012-1703;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier; and 5.5.21 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer; a different vulnerability than CVE-2012-1690.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:53058 | URL:http://www.securityfocus.com/bid/53058 | SECTRACK:1026934 | URL:http://www.securitytracker.com/id?1026934 | SECUNIA:49179 | URL:http://secunia.com/advisories/49179 | SECUNIA:48890 | URL:http://secunia.com/advisories/48890 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-1705;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17268 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17268 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.62;5;1;62;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77064";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.23;5;5;23;CVE-2012-1734;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier; and 5.5.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | BID:54540 | URL:http://www.securityfocus.com/bid/54540 | OSVDB:83979 | URL:http://osvdb.org/83979 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysql-servopt-dos(77064) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77064";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.23;5;5;23;CVE-2012-1735;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54549 | URL:http://www.securityfocus.com/bid/54549 | OSVDB:83975 | URL:http://osvdb.org/83975 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-serveroptimizer-dos(77060) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77060";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.23;5;5;23;CVE-2012-1756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54524 | URL:http://www.securityfocus.com/bid/54524 | OSVDB:83978 | URL:http://osvdb.org/83978 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-server1-dos(77063) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77063";Assigned (20120316);"None (candidate not yet proposed)"; +5.5.23;5;5;23;CVE-2012-1757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | BID:54526 | URL:http://www.securityfocus.com/bid/54526 | OSVDB:83977 | URL:http://osvdb.org/83977 | SECTRACK:1027263 | URL:http://www.securitytracker.com/id?1027263 | XF:mysql-innodb1-dos(77062) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/77062";Assigned (20120316);"None (candidate not yet proposed)"; +5.1.61;5;1;61;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; +5.5.21;5;5;21;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; +97.15.14;97;15;14;CVE-2012-2102;Candidate;"MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.";"MLIST:[oss-security] 20120413 Re: CVE request: mysql: Server crash on HANDLER READ NEXT after DELETE | URL:http://www.openwall.com/lists/oss-security/2012/04/13/7 | MISC:http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/3097.15.15 | MISC:http://eromang.zataz.com/2012/04/10/oracle-mysql-innodb-bugs-13510739-and-63775-dos-demo/ | CONFIRM:http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html | CONFIRM:http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | BID:52931 | URL:http://www.securityfocus.com/bid/52931 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120404);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3144;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-server-cve20123144-dos(79387) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79387";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3147;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-cve20123147(79384) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79384";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3149;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality; related to MySQL Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | XF:mysqlserver-client-info-disc(79390) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79390";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.64;5;1;64;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79388";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3150;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-opt-dos(79388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79388";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.25;5;5;25;CVE-2012-3156;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.64;5;1;64;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79382";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3158;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Protocol.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-protocol-cve20123158(79382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79382";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.65;5;1;65;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79394";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.27;5;5;27;CVE-2012-3160;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows local users to affect confidentiality via unknown vectors related to Server Installation.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverinstallation-info-disc(79394) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79394";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.64;5;1;64;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79381";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3163;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | CONFIRM:http://support.f5.com/kb/en-us/solutions/public/14000/900/sol14907.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:56509 | URL:http://secunia.com/advisories/56509 | SECUNIA:56513 | URL:http://secunia.com/advisories/56513 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-informationschema-cve20123163(79381) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79381";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.63;5;1;63;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.25;5;5;25;CVE-2012-3166;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.63;5;1;63;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79392";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.25;5;5;25;CVE-2012-3167;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverfulltextsearch-dos(79392) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79392";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.63;5;1;63;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79386";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.25;5;5;25;CVE-2012-3173;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier; and 5.5.25 and earlier; allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-innodbplugin-dos(79386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79386";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.65;5;1;65;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79383";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.27;5;5;27;CVE-2012-3177;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-server-dos(79383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79383";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.65;5;1;65;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79389";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.27;5;5;27;CVE-2012-3180;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier; and 5.5.27 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-optimize-dos(79389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79389";Assigned (20120606);"None (candidate not yet proposed)"; +5.1.64;5;1;64;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79393";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2012-3197;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier; and 5.5.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html | DEBIAN:DSA-2581 | URL:http://www.debian.org/security/2012/dsa-2581 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2012:1462 | URL:http://rhn.redhat.com/errata/RHSA-2012-1462.html | UBUNTU:USN-1621-1 | URL:http://www.ubuntu.com/usn/USN-1621-1 | SECUNIA:51309 | URL:http://secunia.com/advisories/51309 | SECUNIA:51177 | URL:http://secunia.com/advisories/51177 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:mysqlserver-serverreplication-dos(79393) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/79393";Assigned (20120606);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; +5.1.61;5;1;61;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; +5.2.11;5;2;11;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; +5.3.6;5;3;6;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; +5.5.24;5;5;24;CVE-2012-4414;Candidate;"Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29; and MariaDB 5.1.x through 5.1.62; 5.2.x through 5.2.12; 5.3.x through 5.3.7; and 5.5.x through 5.5.25; allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116; Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.";"MLIST:[oss-security] 20120911 Multiple SQL injections in MySQL/MariaDB | URL:http://www.openwall.com/lists/oss-security/2012/09/11/4 | MISC:http://bugs.mysql.com/bug.php?id=66550 | MISC:http://www.mysqlperformanceblog.com/2013/01/13/cve-2012-4414-in-mysql-5-5-29-and-percona-server-5-5-29/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=852144 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-382 | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | MANDRIVA:MDVSA-2013:102 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:102 | SUSE:openSUSE-SU-2013:0011 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00000.html | SUSE:openSUSE-SU-2013:0014 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00002.html | SUSE:openSUSE-SU-2013:0135 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00013.html | SUSE:openSUSE-SU-2013:0156 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00020.html | BID:55498 | URL:http://www.securityfocus.com/bid/55498";Assigned (20120821);"None (candidate not yet proposed)"; +5.1.65;5;1;65;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; +5.5.27;5;5;27;CVE-2012-5060;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability; related to GIS Extension.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120921);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2012-5096;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16877 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16877 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20120922);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0367;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17077 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17077 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0368;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17255 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17255 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0371;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability; related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16451 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16451 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.28;5;1;28;CVE-2013-0375;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.1.28 and earlier; allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:17175 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17175 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0383;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote attackers to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16758 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16758 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0384;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Information Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16632 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16632 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0385;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16267 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16267 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0386;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16835 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16835 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-0389;Candidate;"Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier; and 5.5.28 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0219 | URL:http://rhn.redhat.com/errata/RHSA-2013-0219.html | UBUNTU:USN-1703-1 | URL:http://www.ubuntu.com/usn/USN-1703-1 | OVAL:oval:org.mitre.oval:def:16825 | URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16825 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20121207);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.6.9;5;6;9;CVE-2013-1502;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.1.67;5;1;67;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.5.29;5;5;29;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-1506;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; 5.5.29 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.1.67;5;1;67;CVE-2013-1521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.5.29;5;5;29;CVE-2013-1521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.5.29;5;5;29;CVE-2013-1523;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-1523;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.5.29;5;5;29;CVE-2013-1526;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.1.66;5;1;66;CVE-2013-1531;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.5.28;5;5;28;CVE-2013-1531;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.1.63;5;1;63;CVE-2013-1548;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.1.67;5;1;67;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.5.29;5;5;29;CVE-2013-1555;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier; and 5.5.29 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130130);"None (candidate not yet proposed)"; +5.5.29;5;5;29;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.3.12;5;3;12;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.2.14;5;2;14;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.1.67;5;1;67;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.1.68;5;1;68;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-1861;Candidate;"MariaDB 5.5.x before 5.5.30; 5.3.x before 5.3.13; 5.2.x before 5.2.15; and 5.1.x before 5.1.68; and Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points; which is not properly handled when processing the binary representation of this feature; related to a numeric calculation error.";"MLIST:[Commits] 20130305 Rev 3682: TODO-424 geometry query crashes server. in file:///home/hf/wmar/todo-424/ | URL:http://lists.askmonty.org/pipermail/commits/2013-March/004371.html | MLIST:[oss-security] 20130513 CVE-2013-1861 for MySQL/MariaDB: geometry query crashes mysqld | URL:http://seclists.org/oss-sec/2013/q1/671 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=919247 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-4252 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:58511 | URL:http://www.securityfocus.com/bid/58511 | OSVDB:91415 | URL:http://www.osvdb.org/91415 | SECUNIA:52639 | URL:http://secunia.com/advisories/52639 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:mysql-mariadb-cve20131861-dos(82895) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82895";Assigned (20130219);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-2381;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; +5.1.68;5;1;68;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-2391;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; +5.1.68;5;1;68;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-2392;Candidate;"Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | MANDRIVA:MDVSA-2013:150 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 | REDHAT:RHSA-2013:0772 | URL:http://rhn.redhat.com/errata/RHSA-2013-0772.html | SECUNIA:53372 | URL:http://secunia.com/advisories/53372";Assigned (20130305);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3783;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61210 | URL:http://www.securityfocus.com/bid/61210 | OSVDB:95332 | URL:http://osvdb.org/95332 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133783(85719) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85719";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85710";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3793;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61264 | URL:http://www.securityfocus.com/bid/61264 | OSVDB:95323 | URL:http://osvdb.org/95323 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133793(85710) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85710";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-3794;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61222 | URL:http://www.securityfocus.com/bid/61222 | OSVDB:95333 | URL:http://osvdb.org/95333";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3795;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61241 | URL:http://www.securityfocus.com/bid/61241 | OSVDB:95324 | URL:http://osvdb.org/95324";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3796;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61233 | URL:http://www.securityfocus.com/bid/61233 | OSVDB:95329 | URL:http://osvdb.org/95329";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3798;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61274 | URL:http://www.securityfocus.com/bid/61274 | OSVDB:95321 | URL:http://osvdb.org/95321";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-3801;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | BID:61269 | URL:http://www.securityfocus.com/bid/61269 | OSVDB:95331 | URL:http://osvdb.org/95331";Assigned (20130603);"None (candidate not yet proposed)"; +5.1.69;5;1;69;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3802;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | BID:61244 | URL:http://www.securityfocus.com/bid/61244 | OSVDB:95325 | URL:http://osvdb.org/95325 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133802(85712) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85712";Assigned (20130603);"None (candidate not yet proposed)"; +5.1.69;5;1;69;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3804;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier; 5.5.31 and earlier; and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95328 | URL:http://osvdb.org/95328 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133804(85715) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85715";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-3805;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95327 | URL:http://osvdb.org/95327";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3806;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3811.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95326 | URL:http://osvdb.org/95326 | XF:oracle-cpujuly2013-cve20133806(85713) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85713";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3807;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95334 | URL:http://osvdb.org/95334 | XF:oracle-cpujuly2013-cve20133807(85721) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85721";Assigned (20130603);"None (candidate not yet proposed)"; +5.1.68;5;1;68;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.30;5;5;30;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2013-3808;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier; 5.5.30 and earlier; and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | GENTOO:GLSA-201308-06 | URL:http://security.gentoo.org/glsa/glsa-201308-06.xml | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95330 | URL:http://osvdb.org/95330 | SECUNIA:53372 | URL:http://secunia.com/advisories/53372 | XF:oracle-cpujuly2013-cve20133808(85717) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85717";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85709";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3809;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95322 | URL:http://osvdb.org/95322 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133809(85709) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85709";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3810;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95337 | URL:http://osvdb.org/95337 | XF:oracle-cpujuly2013-cve20133810(85724) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85724";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3811;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-3806.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | OSVDB:95335 | URL:http://osvdb.org/95335 | XF:oracle-cpujuly2013-cve20133811(85722) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85722";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.31;5;5;31;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85723";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-3812;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | SUSE:SUSE-SU-2013:1390 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00022.html | SUSE:openSUSE-SU-2013:1335 | URL:http://lists.opensuse.org/opensuse-updates/2013-08/msg00024.html | SUSE:openSUSE-SU-2013:1410 | URL:http://lists.opensuse.org/opensuse-updates/2013-09/msg00008.html | SUSE:SUSE-SU-2013:1529 | URL:http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00001.html | UBUNTU:USN-1909-1 | URL:http://www.ubuntu.com/usn/USN-1909-1 | OSVDB:95336 | URL:http://osvdb.org/95336 | SECUNIA:54300 | URL:http://secunia.com/advisories/54300 | XF:oracle-cpujuly2013-cve20133812(85723) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/85723";Assigned (20130603);"None (candidate not yet proposed)"; +5.1.70;5;1;70;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; +5.5.32;5;5;32;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.12;5;6;12;CVE-2013-3839;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier; 5.5.32 and earlier; and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2780 | URL:http://www.debian.org/security/2013/dsa-2780 | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2013:250 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:250 | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63109 | URL:http://www.securityfocus.com/bid/63109 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184 | SECUNIA:55291 | URL:http://secunia.com/advisories/55291";Assigned (20130603);"None (candidate not yet proposed)"; +5.6.12;5;6;12;CVE-2013-5767;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63113 | URL:http://www.securityfocus.com/bid/63113 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.11;5;6;11;CVE-2013-5770;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63119 | URL:http://www.securityfocus.com/bid/63119 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.12;5;6;12;CVE-2013-5786;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5793.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63107 | URL:http://www.securityfocus.com/bid/63107 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.12;5;6;12;CVE-2013-5793;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5786.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:63116 | URL:http://www.securityfocus.com/bid/63116 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.5.32;5;5;32;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.12;5;6;12;CVE-2013-5807;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 and 5.6.x through 5.6.12 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html | DEBIAN:DSA-2818 | URL:http://www.debian.org/security/2013/dsa-2818 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2006-1 | URL:http://www.ubuntu.com/usn/USN-2006-1 | BID:63105 | URL:http://www.securityfocus.com/bid/63105 | SECTRACK:1029184 | URL:http://www.securitytracker.com/id/1029184";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2013-5860;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64864 | URL:http://www.securityfocus.com/bid/64864 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135860(90373) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90373";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2013-5881;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2014-0431.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64885 | URL:http://www.securityfocus.com/bid/64885 | OSVDB:102066 | URL:http://osvdb.org/102066 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135881(90377) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90377";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2013-5882;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64854 | URL:http://www.securityfocus.com/bid/64854 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135882(90374) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90374";Assigned (20130918);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2013-5891;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64891 | URL:http://www.securityfocus.com/bid/64891 | OSVDB:102070 | URL:http://osvdb.org/102070 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2013-5894;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64873 | URL:http://www.securityfocus.com/bid/64873 | OSVDB:102065 | URL:http://osvdb.org/102065 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20135894(90376) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90376";Assigned (20130918);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2013-5908;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64896 | URL:http://www.securityfocus.com/bid/64896 | OSVDB:102078 | URL:http://osvdb.org/102078 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20135908(90389) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90389";Assigned (20130918);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714 | SECTRACK:1029708 | URL:http://www.securitytracker.com/id/1029708 | SECUNIA:52161 | URL:http://secunia.com/advisories/52161 | XF:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)"; +02.565.63;02;565;63;CVE-2014-0001;Candidate;"Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.";"CONFIRM:http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1054592 | CONFIRM:https://mariadb.com/kb/en/mariadb-5535-changelog/ | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | MANDRIVA:MDVSA-2014:029 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2014:029 | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | BID:65298 | URL:http://www.securityfocus.com/bid/65298 | OSVDB:102713 | URL:http://osvdb.org/102713 | OSVDB:102714 | URL:http://www.osvdb.org/102714 | SECTRACK:1029708 | URL:http://www.securitytracker.com/id/1029708 | SECUNIA:52161 | URL:http://secunia.com/advisories/52161 | XF:mysql-cve20140001-bo(90901) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90901";Assigned (20131203);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-0384;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.71;5;1;71;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0386;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64904 | URL:http://www.securityfocus.com/bid/64904 | OSVDB:102069 | URL:http://osvdb.org/102069 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140386(90380) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90380";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.71;5;1;71;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0393;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64877 | URL:http://www.securityfocus.com/bid/64877 | OSVDB:102075 | URL:http://osvdb.org/102075 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140393(90386) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90386";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0401;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64898 | URL:http://www.securityfocus.com/bid/64898 | OSVDB:102071 | URL:http://osvdb.org/102071 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140401(90382) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90382";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.71;5;1;71;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.33;5;5;33;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0402;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier; 5.5.33 and earlier; and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64908 | URL:http://www.securityfocus.com/bid/64908 | OSVDB:102068 | URL:http://osvdb.org/102068 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140402(90379) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90379";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0412;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64880 | URL:http://www.securityfocus.com/bid/64880 | OSVDB:102067 | URL:http://osvdb.org/102067 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140412(90378) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90378";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90388";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0420;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier; and 5.6.14 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64888 | URL:http://www.securityfocus.com/bid/64888 | OSVDB:102077 | URL:http://osvdb.org/102077 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140420(90388) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90388";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0427;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64868 | URL:http://www.securityfocus.com/bid/64868 | OSVDB:102072 | URL:http://osvdb.org/102072 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140427(90383) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90383";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0430;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64893 | URL:http://www.securityfocus.com/bid/64893 | OSVDB:102076 | URL:http://osvdb.org/102076 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140430(90387) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90387";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0431;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2013-5881.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64897 | URL:http://www.securityfocus.com/bid/64897 | OSVDB:102073 | URL:http://osvdb.org/102073 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140431(90384) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90384";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.13;5;6;13;CVE-2014-0433;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64895 | URL:http://www.securityfocus.com/bid/64895 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | XF:oracle-cpujan2014-cve20140433(90375) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90375";Assigned (20131212);"None (candidate not yet proposed)"; +5.1.72;5;1;72;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.34;5;5;34;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)"; +5.6.14;5;6;14;CVE-2014-0437;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier; 5.5.34 and earlier; and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html | DEBIAN:DSA-2845 | URL:http://www.debian.org/security/2014/dsa-2845 | DEBIAN:DSA-2848 | URL:http://www.debian.org/security/2014/dsa-2848 | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0164 | URL:http://rhn.redhat.com/errata/RHSA-2014-0164.html | REDHAT:RHSA-2014:0173 | URL:http://rhn.redhat.com/errata/RHSA-2014-0173.html | REDHAT:RHSA-2014:0186 | URL:http://rhn.redhat.com/errata/RHSA-2014-0186.html | REDHAT:RHSA-2014:0189 | URL:http://rhn.redhat.com/errata/RHSA-2014-0189.html | UBUNTU:USN-2086-1 | URL:http://ubuntu.com/usn/usn-2086-1 | BID:64758 | URL:http://www.securityfocus.com/bid/64758 | BID:64849 | URL:http://www.securityfocus.com/bid/64849 | OSVDB:102074 | URL:http://osvdb.org/102074 | SECUNIA:56491 | URL:http://secunia.com/advisories/56491 | SECUNIA:56541 | URL:http://secunia.com/advisories/56541 | SECUNIA:56580 | URL:http://secunia.com/advisories/56580 | XF:oracle-cpujan2014-cve20140437(90385) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/90385";Assigned (20131212);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2419;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66880 | URL:http://www.securityfocus.com/bid/66880";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.36;5;5;36;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2430;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66858 | URL:http://www.securityfocus.com/bid/66858";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.36;5;5;36;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2431;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66890 | URL:http://www.securityfocus.com/bid/66890";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2432;Candidate;"Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66875 | URL:http://www.securityfocus.com/bid/66875";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2434;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66872 | URL:http://www.securityfocus.com/bid/66872";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2435;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | BID:66853 | URL:http://www.securityfocus.com/bid/66853";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.36;5;5;36;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.16;5;6;16;CVE-2014-2436;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66896 | URL:http://www.securityfocus.com/bid/66896";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html | GENTOO:GLSA-201409-04 | URL:http://security.gentoo.org/glsa/glsa-201409-04.xml | REDHAT:RHSA-2014:0522 | URL:http://rhn.redhat.com/errata/RHSA-2014-0522.html | REDHAT:RHSA-2014:0536 | URL:http://rhn.redhat.com/errata/RHSA-2014-0536.html | REDHAT:RHSA-2014:0537 | URL:http://rhn.redhat.com/errata/RHSA-2014-0537.html | REDHAT:RHSA-2014:0702 | URL:http://rhn.redhat.com/errata/RHSA-2014-0702.html | BID:66846 | URL:http://www.securityfocus.com/bid/66846";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2442;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2444;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2450;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-2451;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html";Assigned (20140313);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-2484;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRFTS.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-2494;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425";Assigned (20140313);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-4207;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68593 | URL:http://www.securityfocus.com/bid/68593 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144207(94624) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94624";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4214;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68607 | URL:http://www.securityfocus.com/bid/68607 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144214(94627) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94627";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4233;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68598 | URL:http://www.securityfocus.com/bid/68598 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144233(94625) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94625";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4238;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68587 | URL:http://www.securityfocus.com/bid/68587 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144238(94623) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94623";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4240;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68602 | URL:http://www.securityfocus.com/bid/68602 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144240(94626) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94626";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.35;5;5;35;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94628";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.15;5;6;15;CVE-2014-4243;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | BID:68611 | URL:http://www.securityfocus.com/bid/68611 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144243(94628) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94628";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94620";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4258;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SRINFOSC.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68564 | URL:http://www.securityfocus.com/bid/68564 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144258(94620) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94620";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.37;5;5;37;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94621";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.17;5;6;17;CVE-2014-4260;Candidate;"Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier; and 5.6.17 and earlier; allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.";"BUGTRAQ:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded | FULLDISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities | URL:http://seclists.org/fulldisclosure/2014/Dec/23 | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html | CONFIRM:http://www.vmware.com/security/advisories/VMSA-2014-0012.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-2985 | URL:http://www.debian.org/security/2014/dsa-2985 | SUSE:SUSE-SU-2014:1072 | URL:http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00012.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:68573 | URL:http://www.securityfocus.com/bid/68573 | SECTRACK:1030578 | URL:http://www.securitytracker.com/id/1030578 | SECUNIA:60425 | URL:http://secunia.com/advisories/60425 | XF:oracle-cpujul2014-cve20144260(94621) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/94621";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-4274;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to SERVER:MyISAM.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:69732 | URL:http://www.securityfocus.com/bid/69732";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-4287;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70517 | URL:http://www.securityfocus.com/bid/70517";Assigned (20140617);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6463;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70532 | URL:http://www.securityfocus.com/bid/70532";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6464;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70451 | URL:http://www.securityfocus.com/bid/70451 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6469;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70446 | URL:http://www.securityfocus.com/bid/70446 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6474;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6478;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70489 | URL:http://www.securityfocus.com/bid/70489";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6484;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70455 | URL:http://www.securityfocus.com/bid/70455";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6489;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70525 | URL:http://www.securityfocus.com/bid/70525";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6491;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6500.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70444 | URL:http://www.securityfocus.com/bid/70444 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6494;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6496.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70497 | URL:http://www.securityfocus.com/bid/70497 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6495;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70496 | URL:http://www.securityfocus.com/bid/70496";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6496;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL; a different vulnerability than CVE-2014-6494.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70469 | URL:http://www.securityfocus.com/bid/70469 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via vectors related to SERVER:SSL:yaSSL; a different vulnerability than CVE-2014-6491.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70478 | URL:http://www.securityfocus.com/bid/70478 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70516 | URL:http://www.securityfocus.com/bid/70516";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70550 | URL:http://www.securityfocus.com/bid/70550 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6520;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70510 | URL:http://www.securityfocus.com/bid/70510";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6530;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to CLIENT:MYSQLDUMP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70486 | URL:http://www.securityfocus.com/bid/70486";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6551;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70462 | URL:http://www.securityfocus.com/bid/70462";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6555;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to SERVER:DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70530 | URL:http://www.securityfocus.com/bid/70530 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.39;5;5;39;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.20;5;6;20;CVE-2014-6559;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier; and 5.6.20 and earlier; allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | GENTOO:GLSA-201411-02 | URL:http://security.gentoo.org/glsa/glsa-201411-02.xml | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70487 | URL:http://www.securityfocus.com/bid/70487 | SECUNIA:61579 | URL:http://secunia.com/advisories/61579 | SECUNIA:62073 | URL:http://secunia.com/advisories/62073";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2014-6564;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:70511 | URL:http://www.securityfocus.com/bid/70511";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2014-6568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72210 | URL:http://www.securityfocus.com/bid/72210 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732";Assigned (20140917);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100191";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0374;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72227 | URL:http://www.securityfocus.com/bid/72227 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150374(100191) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100191";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100185";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0381;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0382.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72214 | URL:http://www.securityfocus.com/bid/72214 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150381(100185) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100185";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100184";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0382;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication; a different vulnerability than CVE-2015-0381.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72200 | URL:http://www.securityfocus.com/bid/72200 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150382(100184) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100184";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0385;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72229 | URL:http://www.securityfocus.com/bid/72229 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150385(100190) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100190";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.38;5;5;38;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100186";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.19;5;6;19;CVE-2015-0391;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier; and 5.6.19 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | BID:72205 | URL:http://www.securityfocus.com/bid/72205 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150391(100186) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100186";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0405;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0409;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | BID:72223 | URL:http://www.securityfocus.com/bid/72223 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | XF:oracle-cpujan2015-cve20150409(100188) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100188";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100183";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.21;5;6;21;CVE-2015-0411;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier; and 5.6.21 and earlier; allows remote attackers to affect confidentiality; integrity; and availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72191 | URL:http://www.securityfocus.com/bid/72191 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150411(100183) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100183";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0423;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2015-0432;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3135 | URL:http://www.debian.org/security/2015/dsa-3135 | FEDORA:FEDORA-2015-1162 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html | GENTOO:GLSA-201504-05 | URL:https://security.gentoo.org/glsa/201504-05 | REDHAT:RHSA-2015:0116 | URL:http://rhn.redhat.com/errata/RHSA-2015-0116.html | REDHAT:RHSA-2015:0117 | URL:http://rhn.redhat.com/errata/RHSA-2015-0117.html | REDHAT:RHSA-2015:0118 | URL:http://rhn.redhat.com/errata/RHSA-2015-0118.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0743 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html | UBUNTU:USN-2480-1 | URL:http://www.ubuntu.com/usn/USN-2480-1 | BID:72217 | URL:http://www.securityfocus.com/bid/72217 | SECTRACK:1031581 | URL:http://www.securitytracker.com/id/1031581 | SECUNIA:62728 | URL:http://secunia.com/advisories/62728 | SECUNIA:62730 | URL:http://secunia.com/advisories/62730 | SECUNIA:62732 | URL:http://secunia.com/advisories/62732 | XF:oracle-cpujan2015-cve20150432(100187) | URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/100187";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0433;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to InnoDB : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0438;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0439;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-4756.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74085 | URL:http://www.securityfocus.com/bid/74085 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-0441;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0498;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0499;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0500;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | BID:74081 | URL:http://www.securityfocus.com/bid/74081 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0501;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0503;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0505;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74112 | URL:http://www.securityfocus.com/bid/74112 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0506;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB; a different vulnerability than CVE-2015-0508.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0507;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0508;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0506.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-0511;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20141217);"None (candidate not yet proposed)"; +2.2.12;2;2;12;CVE-2015-1027;Candidate;"The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.";"CONFIRM:https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | CONFIRM:https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/";Assigned (20150110);"None (candidate not yet proposed)"; +2.2.8;2;2;8;CVE-2015-1027;Candidate;"The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.";"CONFIRM:https://bugs.launchpad.net/percona-toolkit/+bug/1408375 | CONFIRM:https://www.percona.com/blog/2015/05/06/percona-security-advisory-cve-2015-1027/";Assigned (20150110);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2566;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2567;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2568;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74073 | URL:http://www.securityfocus.com/bid/74073 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150320);"None (candidate not yet proposed)"; +5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | DEBIAN:DSA-3311 | URL:http://www.debian.org/security/2015/dsa-3311 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | REDHAT:RHSA-2015:1647 | URL:http://rhn.redhat.com/errata/RHSA-2015-1647.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75770 | URL:http://www.securityfocus.com/bid/75770 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77232 | URL:http://www.securityfocus.com/bid/77232 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1646 | URL:http://rhn.redhat.com/errata/RHSA-2015-1646.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781 | SECTRACK:1032911 | URL:http://www.securitytracker.com/id/1032911";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77213 | URL:http://www.securityfocus.com/bid/77213 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4800;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77216 | URL:http://www.securityfocus.com/bid/77216 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4802;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4792.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77165 | URL:http://www.securityfocus.com/bid/77165 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4815;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77222 | URL:http://www.securityfocus.com/bid/77222 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-4816;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77134 | URL:http://www.securityfocus.com/bid/77134 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4819;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client programs.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77196 | URL:http://www.securityfocus.com/bid/77196 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4826;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77237 | URL:http://www.securityfocus.com/bid/77237 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4830;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77228 | URL:http://www.securityfocus.com/bid/77228 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4833;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77170 | URL:http://www.securityfocus.com/bid/77170 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4836;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : SP.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77190 | URL:http://www.securityfocus.com/bid/77190 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4858;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via vectors related to DML; a different vulnerability than CVE-2015-4913.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77145 | URL:http://www.securityfocus.com/bid/77145 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4861;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77137 | URL:http://www.securityfocus.com/bid/77137 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4862;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77147 | URL:http://www.securityfocus.com/bid/77147 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.43;5;5;43;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.24;5;6;24;CVE-2015-4864;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2015:1665 | URL:http://rhn.redhat.com/errata/RHSA-2015-1665.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77187 | URL:http://www.securityfocus.com/bid/77187 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4866;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77132 | URL:http://www.securityfocus.com/bid/77132 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"EXPLOIT-DB:39867 | URL:https://www.exploit-db.com/exploits/39867/ | MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4870;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier; and 5.6.26 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.";"EXPLOIT-DB:39867 | URL:https://www.exploit-db.com/exploits/39867/ | MISC:http://packetstormsecurity.com/files/137232/MySQL-Procedure-Analyse-Denial-Of-Service.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77208 | URL:http://www.securityfocus.com/bid/77208 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.44;5;5;44;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4879;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier; and 5.6.25 and earlier; allows remote authenticated users to affect confidentiality; integrity; and availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77140 | URL:http://www.securityfocus.com/bid/77140 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4890;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77231 | URL:http://www.securityfocus.com/bid/77231 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4895;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77136 | URL:http://www.securityfocus.com/bid/77136 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2015-4904;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77219 | URL:http://www.securityfocus.com/bid/77219 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.23;5;6;23;CVE-2015-4905;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77143 | URL:http://www.securityfocus.com/bid/77143 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4910;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77234 | URL:http://www.securityfocus.com/bid/77234 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2015-4913;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML; a different vulnerability than CVE-2015-4858.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77153 | URL:http://www.securityfocus.com/bid/77153 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; +5.6.27;5;6;27;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; +2.17.0;2;17;0;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; +10.0.21;10;0;21;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; +2.21.1;2;21;1;CVE-2015-5969;Candidate;"The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 in openSUSE 13.2 and before 10.0.22-3.1 in SUSE Linux Enterprise (SLE) 12.1 and openSUSE Leap 42.1 allows local users to discover database credentials by listing a process and its arguments.";"CONFIRM:https://bugzilla.suse.com/957174 | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2016:0379 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00050.html";Assigned (20150812);"None (candidate not yet proposed)"; +5.4.42;5;4;42;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; +5.5.26;5;5;26;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; +5.6.10;5;6;10;CVE-2015-8838;Candidate;"ext/mysqlnd/mysqlnd.c in PHP before 5.4.43; 5.5.x before 5.5.27; and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; a related issue to CVE-2015-3152.";"CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 | CONFIRM:http://php.net/ChangeLog-5.php | CONFIRM:https://bugs.php.net/bug.php?id=69669 | SUSE:SUSE-SU-2016:1145 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00052.html | SUSE:SUSE-SU-2016:1166 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00056.html | SUSE:openSUSE-SU-2016:1167 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00057.html | SUSE:openSUSE-SU-2016:1173 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00058.html | UBUNTU:USN-2952-1 | URL:http://www.ubuntu.com/usn/USN-2952-1 | UBUNTU:USN-2952-2 | URL:http://www.ubuntu.com/usn/USN-2952-2";Assigned (20160331);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.7.8;5;7;8;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +5.5.46;5;5;46;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +10.0.22;10;0;22;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +10.1.9;10;1;9;CVE-2016-0546;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier; 5.6.27 and earlier; and 5.7.9 and MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10 allows local users to affect confidentiality; integrity; and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1301493 | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-47.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-28.html | CONFIRM:https://github.com/mysql/mysql-server/commit/0dbd5a8797ed4bd18e8b883988fb62177eb0f73f | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3459 | URL:http://www.debian.org/security/2016/dsa-3459 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:0367 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:openSUSE-SU-2016:0377 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00016.html | UBUNTU:USN-2881-1 | URL:http://www.ubuntu.com/usn/USN-2881-1 | BID:81066 | URL:http://www.securityfocus.com/bid/81066 | SECTRACK:1034708 | URL:http://www.securitytracker.com/id/1034708";Assigned (20151209);"None (candidate not yet proposed)"; +3.16.0;3;16;0;CVE-2016-10550;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS If user input goes into the `limit` or `order` parameters; a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier.";"MISC:https://github.com/sequelize/sequelize/pull/5167/commits/f282d85e60e3df5e57ecdb82adccb4eaef404f03 | MISC:https://nodesecurity.io/advisories/112";Assigned (20171029);"None (candidate not yet proposed)"; +2.1.3;2;1;3;CVE-2016-10553;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS. A fix was pushed out that fixed potential SQL injection in sequelize 2.1.3 and earlier.";"MISC:https://github.com/sequelize/sequelize/blob/master/changelog.md#300 | MISC:https://nodesecurity.io/advisories/109";Assigned (20171029);"None (candidate not yet proposed)"; +1.7.-1;1;7;-1;CVE-2016-10554;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS. Before version 1.7.0-alpha3; sequelize defaulted SQLite to use MySQL backslash escaping; even though SQLite uses Postgres escaping.";"MISC:https://github.com/sequelize/sequelize/commit/c876192aa6ce1f67e22b26a4d175b8478615f42d | MISC:https://nodesecurity.io/advisories/113";Assigned (20171029);"None (candidate not yet proposed)"; +3.19.3;3;19;3;CVE-2016-10556;Candidate;"sequelize is an Object-relational mapping; or a middleman to convert things from Postgres; MySQL; MariaDB; SQLite and Microsoft SQL Server into usable data for NodeJS In Postgres; SQLite; and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This causes potential SQL injection in sequelize 3.19.3 and earlier; where a malicious user could put `[""test""; ""'); DELETE TestTable WHERE Id = 1 --')""]` inside of ``` database.query('SELECT * FROM TestTable WHERE Name IN (:names)'; { replacements: { names: directCopyOfUserInput } }); ``` and cause the SQL statement to become `SELECT Id FROM Table WHERE Name IN ('test'; '\'); DELETE TestTable WHERE Id = 1 --')`. In Postgres; MSSQL; and SQLite; the backslash has no special meaning. This causes the the statement to delete whichever Id has a value of 1 in the TestTable table.";"MISC:https://github.com/sequelize/sequelize/issues/5671 | MISC:https://nodesecurity.io/advisories/102";Assigned (20171029);"None (candidate not yet proposed)"; +5.5.46;5;5;46;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +10.0.22;10;0;22;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +10.1.9;10;1;9;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.6.28;5;6;28;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.7.10;5;7;10;CVE-2016-2047;Candidate;"The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47; 10.0.x before 10.0.23; and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate; which allows man-in-the-middle attackers to spoof SSL servers via a ""/CN="" string in a field in a certificate; as demonstrated by ""/OU=/CN=bar.com/CN=foo.com.""";"MLIST:[oss-security] 20160126 Flaw in mariadb clients SSL certificate validation | URL:http://www.openwall.com/lists/oss-security/2016/01/26/3 | CONFIRM:https://mariadb.atlassian.net/browse/MDEV-9212 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10110-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5547-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mdb-10023-rn/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3453 | URL:http://www.debian.org/security/2016/dsa-3453 | DEBIAN:DSA-3557 | URL:http://www.debian.org/security/2016/dsa-3557 | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | SUSE:openSUSE-SU-2016:1686 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00053.html | SUSE:SUSE-SU-2016:1619 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00033.html | SUSE:SUSE-SU-2016:1620 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00034.html | SUSE:openSUSE-SU-2016:1664 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00051.html | SUSE:SUSE-SU-2016:1279 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00035.html | SUSE:openSUSE-SU-2016:1332 | URL:http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html | UBUNTU:USN-2953-1 | URL:http://www.ubuntu.com/usn/USN-2953-1 | UBUNTU:USN-2954-1 | URL:http://www.ubuntu.com/usn/USN-2954-1 | BID:81810 | URL:http://www.securityfocus.com/bid/81810 | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160122);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3424;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91976 | URL:http://www.securityfocus.com/bid/91976 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91910 | URL:http://www.securityfocus.com/bid/91910 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.28;5;6;28;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.9;5;7;9;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.24;10;0;24;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.13;10;1;13;CVE-2016-3452;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.10 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91999 | URL:http://www.securityfocus.com/bid/91999 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.24;10;0;24;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.13;10;1;13;CVE-2016-3459;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91943 | URL:http://www.securityfocus.com/bid/91943 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +3.0.25;3;0;25;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"MISC:https://www.tenable.com/security/research/tra-2016-11 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; +3.1.2;3;1;2;CVE-2016-3461;Candidate;"Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality; integrity; and availability via vectors related to Monitoring: Server.";"MISC:https://www.tenable.com/security/research/tra-2016-11 | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html | SECTRACK:1035606 | URL:http://www.securitytracker.com/id/1035606";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.45;5;5;45;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.26;5;6;26;CVE-2016-3471;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Option.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91913 | URL:http://www.securityfocus.com/bid/91913 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.49;5;5;49;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-3477;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Parser.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91902 | URL:http://www.securityfocus.com/bid/91902 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3486;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91980 | URL:http://www.securityfocus.com/bid/91980 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-3492;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93650 | URL:http://www.securityfocus.com/bid/93650 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-3495;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93670 | URL:http://www.securityfocus.com/bid/93670 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3501;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91949 | URL:http://www.securityfocus.com/bid/91949 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3518;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91967 | URL:http://www.securityfocus.com/bid/91967 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.49;5;5;49;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-3521;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91932 | URL:http://www.securityfocus.com/bid/91932 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3588;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91983 | URL:http://www.securityfocus.com/bid/91983 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-3614;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91992 | URL:http://www.securityfocus.com/bid/91992 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.5.49;5;5;49;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-3615;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91960 | URL:http://www.securityfocus.com/bid/91960 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160317);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5436;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91906 | URL:http://www.securityfocus.com/bid/91906 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5437;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91917 | URL:http://www.securityfocus.com/bid/91917 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5439;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91969 | URL:http://www.securityfocus.com/bid/91969 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.29;5;6;29;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.49;5;5;49;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +10.0.25;10;0;25;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +10.1.14;10;1;14;CVE-2016-5440;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier; 5.6.30 and earlier; and 5.7.12 and earlier and MariaDB before 5.5.50; 10.0.x before 10.0.26; and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10026-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10115-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5550-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | DEBIAN:DSA-3624 | URL:http://www.debian.org/security/2016/dsa-3624 | DEBIAN:DSA-3632 | URL:http://www.debian.org/security/2016/dsa-3632 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1603 | URL:http://rhn.redhat.com/errata/RHSA-2016-1603.html | REDHAT:RHSA-2016:1604 | URL:http://rhn.redhat.com/errata/RHSA-2016-1604.html | REDHAT:RHSA-2016:1637 | URL:http://rhn.redhat.com/errata/RHSA-2016-1637.html | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | SUSE:openSUSE-SU-2016:2278 | URL:http://lists.opensuse.org/opensuse-updates/2016-09/msg00042.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91953 | URL:http://www.securityfocus.com/bid/91953 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5441;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91915 | URL:http://www.securityfocus.com/bid/91915 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5442;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91974 | URL:http://www.securityfocus.com/bid/91974 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-5443;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | UBUNTU:USN-3040-1 | URL:http://www.ubuntu.com/usn/USN-3040-1 | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91963 | URL:http://www.securityfocus.com/bid/91963 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.47;5;5;47;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.28;5;6;28;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.10;5;7;10;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.48;5;5;48;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +10.0.24;10;0;24;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +10.1.13;10;1;13;CVE-2016-5444;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier; 5.6.29 and earlier; and 5.7.11 and earlier and MariaDB before 5.5.49; 10.0.x before 10.0.25; and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/ | CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168 | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | REDHAT:RHSA-2016:1602 | URL:http://rhn.redhat.com/errata/RHSA-2016-1602.html | REDHAT:RHSA-2016:1132 | URL:https://access.redhat.com/errata/RHSA-2016:1132 | REDHAT:RHSA-2016:1480 | URL:http://rhn.redhat.com/errata/RHSA-2016-1480.html | REDHAT:RHSA-2016:1481 | URL:http://rhn.redhat.com/errata/RHSA-2016-1481.html | BID:91787 | URL:http://www.securityfocus.com/bid/91787 | BID:91987 | URL:http://www.securityfocus.com/bid/91987 | SECTRACK:1036362 | URL:http://www.securitytracker.com/id/1036362";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | BID:93678 | URL:http://www.securityfocus.com/bid/93678 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5507;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | BID:93678 | URL:http://www.securityfocus.com/bid/93678 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.52;5;5;52;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.33;5;6;33;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.15;5;7;15;CVE-2016-5584;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier; 5.6.33 and earlier; and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | DEBIAN:DSA-3706 | URL:http://www.debian.org/security/2016/dsa-3706 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93735 | URL:http://www.securityfocus.com/bid/93735 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5625;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality; integrity; and availability via vectors related to Server: Packaging.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93617 | URL:http://www.securityfocus.com/bid/93617 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93642 | URL:http://www.securityfocus.com/bid/93642 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5627;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93642 | URL:http://www.securityfocus.com/bid/93642 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5628;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93662 | URL:http://www.securityfocus.com/bid/93662 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5629;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93668 | URL:http://www.securityfocus.com/bid/93668 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | BID:93674 | URL:http://www.securityfocus.com/bid/93674 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5630;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | BID:93674 | URL:http://www.securityfocus.com/bid/93674 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5631;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93684 | URL:http://www.securityfocus.com/bid/93684 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-5632;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93693 | URL:http://www.securityfocus.com/bid/93693 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5633;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-8290.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93702 | URL:http://www.securityfocus.com/bid/93702 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-5635;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93715 | URL:http://www.securityfocus.com/bid/93715 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160616);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +10.0.26;10;0;26;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +10.1.16;10;1;16;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6662;Candidate;"Oracle MySQL through 5.5.52; 5.6.x through 5.6.33; and 5.7.x through 5.7.15; MariaDB before 5.5.51; 10.0.x before 10.0.27; and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1; 5.6.x before 5.6.32-78.0; and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52; 5.6.33; and 5.7.15.";"EXPLOIT-DB:40360 | URL:https://www.exploit-db.com/exploits/40360/ | FULLDISC:20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://seclists.org/fulldisclosure/2016/Sep/23 | MLIST:[oss-security] 20160912 CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/09/12/3 | MISC:http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html | CONFIRM:https://jira.mariadb.org/browse/MDEV-10465 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10027-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10117-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5551-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/09/12/percona-server-critical-update-cve-2016-6662/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3666 | URL:http://www.debian.org/security/2016/dsa-3666 | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2058 | URL:http://rhn.redhat.com/errata/RHSA-2016-2058.html | REDHAT:RHSA-2016:2059 | URL:http://rhn.redhat.com/errata/RHSA-2016-2059.html | REDHAT:RHSA-2016:2060 | URL:http://rhn.redhat.com/errata/RHSA-2016-2060.html | REDHAT:RHSA-2016:2061 | URL:http://rhn.redhat.com/errata/RHSA-2016-2061.html | REDHAT:RHSA-2016:2062 | URL:http://rhn.redhat.com/errata/RHSA-2016-2062.html | REDHAT:RHSA-2016:2077 | URL:http://rhn.redhat.com/errata/RHSA-2016-2077.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92912 | URL:http://www.securityfocus.com/bid/92912 | SECTRACK:1036769 | URL:http://www.securitytracker.com/id/1036769";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +8.0.0;8;0;0;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +10.0.27;10;0;27;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +10.1.17;10;1;17;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:0184 | URL:http://rhn.redhat.com/errata/RHSA-2017-0184.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; +5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | CONFIRM:https://www.tenable.com/security/tns-2016-19 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | REDHAT:RHSA-2018:1296 | URL:https://access.redhat.com/errata/RHSA-2018:1296 | BID:93005 | URL:http://www.securityfocus.com/bid/93005 | SECTRACK:1036836 | URL:http://www.securitytracker.com/id/1036836";Assigned (20160909);"None (candidate not yet proposed)"; +7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | CONFIRM:https://www.tenable.com/security/tns-2016-19 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | REDHAT:RHSA-2018:1296 | URL:https://access.redhat.com/errata/RHSA-2018:1296 | BID:93005 | URL:http://www.securityfocus.com/bid/93005 | SECTRACK:1036836 | URL:http://www.securitytracker.com/id/1036836";Assigned (20160909);"None (candidate not yet proposed)"; +5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:2130 | URL:http://rhn.redhat.com/errata/RHSA-2016-2130.html | REDHAT:RHSA-2016:2131 | URL:http://rhn.redhat.com/errata/RHSA-2016-2131.html | REDHAT:RHSA-2016:2595 | URL:http://rhn.redhat.com/errata/RHSA-2016-2595.html | REDHAT:RHSA-2016:2749 | URL:http://rhn.redhat.com/errata/RHSA-2016-2749.html | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | BID:93737 | URL:http://www.securityfocus.com/bid/93737 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.31;5;6;31;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93755 | URL:http://www.securityfocus.com/bid/93755 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8284;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93755 | URL:http://www.securityfocus.com/bid/93755 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.14;5;7;14;CVE-2016-8286;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93745 | URL:http://www.securityfocus.com/bid/93745 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8287;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93727 | URL:http://www.securityfocus.com/bid/93727 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.30;5;6;30;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93740 | URL:http://www.securityfocus.com/bid/93740 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | REDHAT:RHSA-2016:1601 | URL:http://rhn.redhat.com/errata/RHSA-2016-1601.html | BID:93740 | URL:http://www.securityfocus.com/bid/93740 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93720 | URL:http://www.securityfocus.com/bid/93720 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93733 | URL:http://www.securityfocus.com/bid/93733 | SECTRACK:1037050 | URL:http://www.securitytracker.com/id/1037050";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95557 | URL:http://www.securityfocus.com/bid/95557 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95557 | URL:http://www.securityfocus.com/bid/95557 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20160926);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10155;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101402 | URL:http://www.securityfocus.com/bid/101402 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10155;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101402 | URL:http://www.securityfocus.com/bid/101402 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10165;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101424 | URL:http://www.securityfocus.com/bid/101424 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10167;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101433 | URL:http://www.securityfocus.com/bid/101433 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10227;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101337 | URL:http://www.securityfocus.com/bid/101337 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10227;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101337 | URL:http://www.securityfocus.com/bid/101337 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10268;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101390 | URL:http://www.securityfocus.com/bid/101390 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101441 | URL:http://www.securityfocus.com/bid/101441 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10276;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101441 | URL:http://www.securityfocus.com/bid/101441 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-10279;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101316 | URL:http://www.securityfocus.com/bid/101316 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-10279;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101316 | URL:http://www.securityfocus.com/bid/101316 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101420 | URL:http://www.securityfocus.com/bid/101420 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10283;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101420 | URL:http://www.securityfocus.com/bid/101420 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-10284;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101385 | URL:http://www.securityfocus.com/bid/101385 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101397 | URL:http://www.securityfocus.com/bid/101397 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10286;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:101397 | URL:http://www.securityfocus.com/bid/101397 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10294;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101444 | URL:http://www.securityfocus.com/bid/101444 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10294;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101444 | URL:http://www.securityfocus.com/bid/101444 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-10296;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101373 | URL:http://www.securityfocus.com/bid/101373 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10311;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101446 | URL:http://www.securityfocus.com/bid/101446 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101448 | URL:http://www.securityfocus.com/bid/101448 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10314;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101314 | URL:http://www.securityfocus.com/bid/101314 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10314;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101314 | URL:http://www.securityfocus.com/bid/101314 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101410 | URL:http://www.securityfocus.com/bid/101410 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-10365;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | BID:101429 | URL:http://www.securityfocus.com/bid/101429 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2017-10378;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101375 | URL:http://www.securityfocus.com/bid/101375 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10379;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier; 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101415 | URL:http://www.securityfocus.com/bid/101415 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.5.57;5;5;57;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.6.37;5;6;37;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2017-10384;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | CONFIRM:https://security.netapp.com/advisory/ntap-20171019-0002/ | DEBIAN:DSA-4002 | URL:http://www.debian.org/security/2017/dsa-4002 | REDHAT:RHSA-2017:3265 | URL:https://access.redhat.com/errata/RHSA-2017:3265 | REDHAT:RHSA-2017:3442 | URL:https://access.redhat.com/errata/RHSA-2017:3442 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:101406 | URL:http://www.securityfocus.com/bid/101406 | SECTRACK:1039597 | URL:http://www.securitytracker.com/id/1039597";Assigned (20170621);"None (candidate not yet proposed)"; +10.1.29;10;1;29;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; +10.2.9;10;2;9;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-15365;Candidate;"sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.";"CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1524234 | CONFIRM:https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ | CONFIRM:https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ | CONFIRM:https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ | CONFIRM:https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html | FEDORA:FEDORA-2018-0d6a80f496 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/";Assigned (20171015);"None (candidate not yet proposed)"; +5.0.-1;5;0;-1;CVE-2017-16540;Candidate;"OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database copying because setup.php exposes functionality for cloning an existing OpenEMR site to an arbitrary attacker-controlled MySQL server via vectors involving a crafted state parameter.";"MISC:http://www.open-emr.org/wiki/index.php/OpenEMR_Patches | MISC:https://isears.github.io/jekyll/update/2017/10/28/openemr-database-disclosure.html | BID:101983 | URL:http://www.securityfocus.com/bid/101983";Assigned (20171104);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95571 | URL:http://www.securityfocus.com/bid/95571 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95538 | URL:http://www.securityfocus.com/bid/95538 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95565 | URL:http://www.securityfocus.com/bid/95565 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95482 | URL:http://www.securityfocus.com/bid/95482 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95486 | URL:http://www.securityfocus.com/bid/95486 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95589 | URL:http://www.securityfocus.com/bid/95589 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95589 | URL:http://www.securityfocus.com/bid/95589 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95560 | URL:http://www.securityfocus.com/bid/95560 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95520 | URL:http://www.securityfocus.com/bid/95520 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95583 | URL:http://www.securityfocus.com/bid/95583 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:95583 | URL:http://www.securityfocus.com/bid/95583 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95501 | URL:http://www.securityfocus.com/bid/95501 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.55;5;5;55;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97023 | URL:http://www.securityfocus.com/bid/97023 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +3.2.1182;3;2;1182;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +3.3.2;3;3;2;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +3.1.6;3;1;6;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +3.2.1182;3;2;1182;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +3.3.2;3;3;2;CVE-2017-3307;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 3.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97844 | URL:http://www.securityfocus.com/bid/97844 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3308;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97725 | URL:http://www.securityfocus.com/bid/97725 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97742 | URL:http://www.securityfocus.com/bid/97742 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95491 | URL:http://www.securityfocus.com/bid/95491 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3809 | URL:http://www.debian.org/security/2017/dsa-3809 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95527 | URL:http://www.securityfocus.com/bid/95527 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95585 | URL:http://www.securityfocus.com/bid/95585 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | DEBIAN:DSA-3767 | URL:http://www.debian.org/security/2017/dsa-3767 | DEBIAN:DSA-3770 | URL:http://www.debian.org/security/2017/dsa-3770 | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:95588 | URL:http://www.securityfocus.com/bid/95588 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95479 | URL:http://www.securityfocus.com/bid/95479 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:95470 | URL:http://www.securityfocus.com/bid/95470 | SECTRACK:1037640 | URL:http://www.securitytracker.com/id/1037640";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | BID:97763 | URL:http://www.securityfocus.com/bid/97763 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.11;5;7;11;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3331;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97772 | URL:http://www.securityfocus.com/bid/97772 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3450;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97747 | URL:http://www.securityfocus.com/bid/97747 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3452;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97779 | URL:http://www.securityfocus.com/bid/97779 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3453;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97776 | URL:http://www.securityfocus.com/bid/97776 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3454;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97791 | URL:http://www.securityfocus.com/bid/97791 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3455;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97820 | URL:http://www.securityfocus.com/bid/97820 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3456;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97831 | URL:http://www.securityfocus.com/bid/97831 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3457;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97845 | URL:http://www.securityfocus.com/bid/97845 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3458;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97837 | URL:http://www.securityfocus.com/bid/97837 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3459;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97847 | URL:http://www.securityfocus.com/bid/97847 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3460;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97826 | URL:http://www.securityfocus.com/bid/97826 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3461;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97812 | URL:http://www.securityfocus.com/bid/97812 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3462;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97851 | URL:http://www.securityfocus.com/bid/97851 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3463;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97849 | URL:http://www.securityfocus.com/bid/97849 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3464;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | BID:97818 | URL:http://www.securityfocus.com/bid/97818 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3465;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97822 | URL:http://www.securityfocus.com/bid/97822 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3467;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97825 | URL:http://www.securityfocus.com/bid/97825 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3468;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:97848 | URL:http://www.securityfocus.com/bid/97848 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3529;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99746 | URL:http://www.securityfocus.com/bid/99746 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"EXPLOIT-DB:41954 | URL:https://www.exploit-db.com/exploits/41954/ | MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3599;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.";"EXPLOIT-DB:41954 | URL:https://www.exploit-db.com/exploits/41954/ | MISC:https://www.secforce.com/blog/2017/04/cve-2017-3599-pre-auth-mysql-remote-dos/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:97754 | URL:http://www.securityfocus.com/bid/97754 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.54;5;5;54;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.35;5;6;35;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.17;5;7;17;CVE-2017-3600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | DEBIAN:DSA-3834 | URL:http://www.debian.org/security/2017/dsa-3834 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | BID:97765 | URL:http://www.securityfocus.com/bid/97765 | SECTRACK:1038287 | URL:http://www.securitytracker.com/id/1038287";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3633;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99722 | URL:http://www.securityfocus.com/bid/99722 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3633;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99722 | URL:http://www.securityfocus.com/bid/99722 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99729 | URL:http://www.securityfocus.com/bid/99729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3634;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99729 | URL:http://www.securityfocus.com/bid/99729 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99736 | URL:http://www.securityfocus.com/bid/99736 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3636;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99736 | URL:http://www.securityfocus.com/bid/99736 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3637;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99748 | URL:http://www.securityfocus.com/bid/99748 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3638;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99778 | URL:http://www.securityfocus.com/bid/99778 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3639;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99753 | URL:http://www.securityfocus.com/bid/99753 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99765 | URL:http://www.securityfocus.com/bid/99765 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3641;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99767 | URL:http://www.securityfocus.com/bid/99767 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3642;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99779 | URL:http://www.securityfocus.com/bid/99779 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3643;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99772 | URL:http://www.securityfocus.com/bid/99772 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3644;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99775 | URL:http://www.securityfocus.com/bid/99775 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99783 | URL:http://www.securityfocus.com/bid/99783 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.16;5;7;16;CVE-2017-3646;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99786 | URL:http://www.securityfocus.com/bid/99786 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99796 | URL:http://www.securityfocus.com/bid/99796 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99796 | URL:http://www.securityfocus.com/bid/99796 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99789 | URL:http://www.securityfocus.com/bid/99789 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99789 | URL:http://www.securityfocus.com/bid/99789 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3648;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99789 | URL:http://www.securityfocus.com/bid/99789 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3649;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99799 | URL:http://www.securityfocus.com/bid/99799 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3649;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99799 | URL:http://www.securityfocus.com/bid/99799 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3650;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | BID:99808 | URL:http://www.securityfocus.com/bid/99808 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99802 | URL:http://www.securityfocus.com/bid/99802 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99802 | URL:http://www.securityfocus.com/bid/99802 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3651;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2016:2927 | URL:http://rhn.redhat.com/errata/RHSA-2016-2927.html | REDHAT:RHSA-2016:2928 | URL:http://rhn.redhat.com/errata/RHSA-2016-2928.html | REDHAT:RHSA-2017:2192 | URL:https://access.redhat.com/errata/RHSA-2017:2192 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99802 | URL:http://www.securityfocus.com/bid/99802 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3652;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | BID:99805 | URL:http://www.securityfocus.com/bid/99805 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.56;5;5;56;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.6.36;5;6;36;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.7.18;5;7;18;CVE-2017-3653;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier; 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | DEBIAN:DSA-3922 | URL:http://www.debian.org/security/2017/dsa-3922 | DEBIAN:DSA-3944 | URL:http://www.debian.org/security/2017/dsa-3944 | DEBIAN:DSA-3955 | URL:https://www.debian.org/security/2017/dsa-3955 | REDHAT:RHSA-2017:2886 | URL:https://access.redhat.com/errata/RHSA-2017:2886 | REDHAT:RHSA-2017:2787 | URL:https://access.redhat.com/errata/RHSA-2017:2787 | REDHAT:RHSA-2018:0279 | URL:https://access.redhat.com/errata/RHSA-2018:0279 | REDHAT:RHSA-2018:0574 | URL:https://access.redhat.com/errata/RHSA-2018:0574 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | BID:99810 | URL:http://www.securityfocus.com/bid/99810 | SECTRACK:1038928 | URL:http://www.securitytracker.com/id/1038928";Assigned (20161206);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2018-2562;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102713 | URL:http://www.securityfocus.com/bid/102713 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2565;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102712 | URL:http://www.securityfocus.com/bid/102712 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102710 | URL:http://www.securityfocus.com/bid/102710 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2573;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102710 | URL:http://www.securityfocus.com/bid/102710 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2576;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102695 | URL:http://www.securityfocus.com/bid/102695 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102708 | URL:http://www.securityfocus.com/bid/102708 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2583;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102708 | URL:http://www.securityfocus.com/bid/102708 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2586;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102700 | URL:http://www.securityfocus.com/bid/102700 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102697 | URL:http://www.securityfocus.com/bid/102697 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2590;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102697 | URL:http://www.securityfocus.com/bid/102697 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | BID:102714 | URL:http://www.securityfocus.com/bid/102714 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.19;5;7;19;CVE-2018-2591;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | BID:102714 | URL:http://www.securityfocus.com/bid/102714 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2600;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102696 | URL:http://www.securityfocus.com/bid/102696 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102709 | URL:http://www.securityfocus.com/bid/102709 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2612;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102709 | URL:http://www.securityfocus.com/bid/102709 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2622;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102706 | URL:http://www.securityfocus.com/bid/102706 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2640;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102678 | URL:http://www.securityfocus.com/bid/102678 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102698 | URL:http://www.securityfocus.com/bid/102698 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2645;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102698 | URL:http://www.securityfocus.com/bid/102698 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2646;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102703 | URL:http://www.securityfocus.com/bid/102703 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102711 | URL:http://www.securityfocus.com/bid/102711 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2647;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102711 | URL:http://www.securityfocus.com/bid/102711 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2665;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102681 | URL:http://www.securityfocus.com/bid/102681 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2667;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102685 | URL:http://www.securityfocus.com/bid/102685 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.58;5;5;58;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2668;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior; 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180119 [SECURITY] [DLA 1250-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/01/msg00024.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | DEBIAN:DSA-4091 | URL:https://www.debian.org/security/2018/dsa-4091 | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | UBUNTU:USN-3537-2 | URL:https://usn.ubuntu.com/3537-2/ | BID:102682 | URL:http://www.securityfocus.com/bid/102682 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102701 | URL:http://www.securityfocus.com/bid/102701 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2696;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102701 | URL:http://www.securityfocus.com/bid/102701 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.38;5;6;38;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102704 | URL:http://www.securityfocus.com/bid/102704 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.20;5;7;20;CVE-2018-2703;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180117-0002/ | REDHAT:RHSA-2018:0586 | URL:https://access.redhat.com/errata/RHSA-2018:0586 | REDHAT:RHSA-2018:0587 | URL:https://access.redhat.com/errata/RHSA-2018:0587 | UBUNTU:USN-3537-1 | URL:https://usn.ubuntu.com/3537-1/ | BID:102704 | URL:http://www.securityfocus.com/bid/102704 | SECTRACK:1040216 | URL:http://www.securitytracker.com/id/1040216";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103807 | URL:http://www.securityfocus.com/bid/103807 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103807 | URL:http://www.securityfocus.com/bid/103807 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2755;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103807 | URL:http://www.securityfocus.com/bid/103807 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2758;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103802 | URL:http://www.securityfocus.com/bid/103802 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2758;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103802 | URL:http://www.securityfocus.com/bid/103802 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2759;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103780 | URL:http://www.securityfocus.com/bid/103780 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103820 | URL:http://www.securityfocus.com/bid/103820 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103820 | URL:http://www.securityfocus.com/bid/103820 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2761;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103820 | URL:http://www.securityfocus.com/bid/103820 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2762;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103794 | URL:http://www.securityfocus.com/bid/103794 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2766;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103805 | URL:http://www.securityfocus.com/bid/103805 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2766;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103805 | URL:http://www.securityfocus.com/bid/103805 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.60;5;5;60;CVE-2018-2767;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:103954 | URL:http://www.securityfocus.com/bid/103954 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.40;5;6;40;CVE-2018-2767;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:103954 | URL:http://www.securityfocus.com/bid/103954 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-2767;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:103954 | URL:http://www.securityfocus.com/bid/103954 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2769;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103876 | URL:http://www.securityfocus.com/bid/103876 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103828 | URL:http://www.securityfocus.com/bid/103828 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103828 | URL:http://www.securityfocus.com/bid/103828 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2771;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103828 | URL:http://www.securityfocus.com/bid/103828 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103811 | URL:http://www.securityfocus.com/bid/103811 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103811 | URL:http://www.securityfocus.com/bid/103811 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2773;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103811 | URL:http://www.securityfocus.com/bid/103811 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2775;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103777 | URL:http://www.securityfocus.com/bid/103777 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2776;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103791 | URL:http://www.securityfocus.com/bid/103791 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2777;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103781 | URL:http://www.securityfocus.com/bid/103781 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2778;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103785 | URL:http://www.securityfocus.com/bid/103785 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2779;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103787 | URL:http://www.securityfocus.com/bid/103787 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2780;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103778 | URL:http://www.securityfocus.com/bid/103778 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103825 | URL:http://www.securityfocus.com/bid/103825 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103825 | URL:http://www.securityfocus.com/bid/103825 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2781;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103825 | URL:http://www.securityfocus.com/bid/103825 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2782;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103799 | URL:http://www.securityfocus.com/bid/103799 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2782;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103799 | URL:http://www.securityfocus.com/bid/103799 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2784;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103801 | URL:http://www.securityfocus.com/bid/103801 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2784;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103801 | URL:http://www.securityfocus.com/bid/103801 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2786;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103779 | URL:http://www.securityfocus.com/bid/103779 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2787;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103804 | URL:http://www.securityfocus.com/bid/103804 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2787;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103804 | URL:http://www.securityfocus.com/bid/103804 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2805;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | BID:103831 | URL:http://www.securityfocus.com/bid/103831 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2810;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103783 | URL:http://www.securityfocus.com/bid/103783 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2812;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103836 | URL:http://www.securityfocus.com/bid/103836 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103830 | URL:http://www.securityfocus.com/bid/103830 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103830 | URL:http://www.securityfocus.com/bid/103830 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2813;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103830 | URL:http://www.securityfocus.com/bid/103830 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2816;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103789 | URL:http://www.securityfocus.com/bid/103789 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103818 | URL:http://www.securityfocus.com/bid/103818 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103818 | URL:http://www.securityfocus.com/bid/103818 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2817;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103818 | URL:http://www.securityfocus.com/bid/103818 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103824 | URL:http://www.securityfocus.com/bid/103824 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103824 | URL:http://www.securityfocus.com/bid/103824 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2818;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103824 | URL:http://www.securityfocus.com/bid/103824 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.59;5;5;59;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103814 | URL:http://www.securityfocus.com/bid/103814 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.39;5;6;39;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103814 | URL:http://www.securityfocus.com/bid/103814 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2819;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior; 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180419 [SECURITY] [DLA 1355-1] mysql-5.5 security update | URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00020.html | MLIST:[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | DEBIAN:DSA-4176 | URL:https://www.debian.org/security/2018/dsa-4176 | REDHAT:RHSA-2018:1254 | URL:https://access.redhat.com/errata/RHSA-2018:1254 | REDHAT:RHSA-2018:2439 | URL:https://access.redhat.com/errata/RHSA-2018:2439 | REDHAT:RHSA-2018:2729 | URL:https://access.redhat.com/errata/RHSA-2018:2729 | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-2 | URL:https://usn.ubuntu.com/3629-2/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103814 | URL:http://www.securityfocus.com/bid/103814 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2839;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103845 | URL:http://www.securityfocus.com/bid/103845 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.21;5;7;21;CVE-2018-2846;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180419-0002/ | UBUNTU:USN-3629-1 | URL:https://usn.ubuntu.com/3629-1/ | UBUNTU:USN-3629-3 | URL:https://usn.ubuntu.com/3629-3/ | BID:103790 | URL:http://www.securityfocus.com/bid/103790 | SECTRACK:1040698 | URL:http://www.securitytracker.com/id/1040698";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3054;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3054;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3056;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3056;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.60;5;5;60;CVE-2018-3058;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.40;5;6;40;CVE-2018-3058;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3058;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3060;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3060;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3061;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104785 | URL:http://www.securityfocus.com/bid/104785 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.40;5;6;40;CVE-2018-3062;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3062;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3062;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.60;5;5;60;CVE-2018-3063;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104786 | URL:http://www.securityfocus.com/bid/104786 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.40;5;6;40;CVE-2018-3064;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3064;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3064;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior; 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update; insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104776 | URL:http://www.securityfocus.com/bid/104776 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3065;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3065;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.60;5;5;60;CVE-2018-3066;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.40;5;6;40;CVE-2018-3066;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3066;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update; insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).";"MLIST:[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update | URL:https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3067;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.5.60;5;5;60;CVE-2018-3070;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.6.40;5;6;40;CVE-2018-3070;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3070;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior; 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | UBUNTU:USN-3725-2 | URL:https://usn.ubuntu.com/3725-2/ | BID:104766 | URL:http://www.securityfocus.com/bid/104766 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3071;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104784 | URL:http://www.securityfocus.com/bid/104784 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3073;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3074;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3075;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +5.7.22;5;7;22;CVE-2018-3077;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3077;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | UBUNTU:USN-3725-1 | URL:https://usn.ubuntu.com/3725-1/ | BID:104769 | URL:http://www.securityfocus.com/bid/104769 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3078;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3079;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3080;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3082;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104772 | URL:http://www.securityfocus.com/bid/104772 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +8.0.11;8;0;11;CVE-2018-3084;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | CONFIRM:https://security.netapp.com/advisory/ntap-20180726-0002/ | BID:104788 | URL:http://www.securityfocus.com/bid/104788 | SECTRACK:1041294 | URL:http://www.securitytracker.com/id/1041294";Assigned (20171215);"None (candidate not yet proposed)"; +0.37.12;0;37;12;CVE-2018-6617;Candidate;"Easy Hosting Control Panel (EHCP) v0.37.12.b; when using a local MySQL server; allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.";"MISC:http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-UNVERIFIED-PASSWORD-CHANGE.txt | MISC:http://packetstormsecurity.com/files/147558/Easy-Hosting-Control-Panel-0.37.12.b-Unverified-Password-Change.html";Assigned (20180204);"None (candidate not yet proposed)";