hhf/MySQLTuner-perl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update vulnerabilities list

Browse source
This commit is contained in:
Jean-Marie RENOUARD 2017-07-05 11:51:33 +02:00
parent b16dfb6254
commit 77bcb72702
3 changed files with 239 additions and 181 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
USAGE.md
View file

@ -11,17 +11,18 @@ You must provide the remote server's total memory when connecting to other serve
# CONNECTION AND AUTHENTIFICATION
--host <hostname> Connect to a remote host to perform tests (default: localhost)
--socket <socket> Use a different socket for a local connection
--port <port> Port to use for connection (default: 3306)
--user <username> Username to use for authentication
--userenv <envvar> Name of env variable which contains username to use for authentication
--pass <password> Password to use for authentication
--passenv <envvar> Name of env variable which contains password to use for authentication
--mysqladmin <path> Path to a custom mysqladmin executable
--mysqlcmd <path> Path to a custom mysql executable
--defaults-file <path> Path to a custom .my.cnf
=head1 PERFORMANCE AND REPORTING OPTIONS
--host <hostname> Connect to a remote host to perform tests (default: localhost)
--socket <socket> Use a different socket for a local connection
--port <port> Port to use for connection (default: 3306)
--user <username> Username to use for authentication
--userenv <envvar> Name of env variable which contains username to use for authentication
--pass <password> Password to use for authentication
--passenv <envvar> Name of env variable which contains password to use for authentication
--mysqladmin <path> Path to a custom mysqladmin executable
--mysqlcmd <path> Path to a custom mysql executable
--defaults-file <path> Path to a custom .my.cnf
# PERFORMANCE AND REPORTING OPTIONS
--skipsize Don't enumerate tables and their types/sizes (default: on)
(Recommended for servers with many tables)
@ -53,7 +54,8 @@ You must provide the remote server's total memory when connecting to other serve
--reportfile <path> Path to a report txt file
--template <path> Path to a template file
--verbose Prints out all options (default: no verbose)
=head1 PERLDOC
# PERLDOC
You can find documentation for this module with the perldoc command.
@ -140,4 +142,4 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
along with this program. If not, see &lt;http://www.gnu.org/licenses/>.

252
mysqltuner.pl
View file

@ -120,16 +120,31 @@ GetOptions(
'password=s', 'pfstat',
'passenv=s', 'userenv=s',
'defaults-file=s'
) or pod2usage(-exitval => 1, -verbose => 99,
-sections => [ "NAME", "IMPORTANT USAGE GUIDELINES", "CONNECTION AND AUTHENTIFICATION",
"PERFORMANCE AND REPORTING OPTIONS", "OUTPUT OPTIONS" ]
);
)
or pod2usage(
-exitval => 1,
-verbose => 99,
-sections => [
"NAME",
"IMPORTANT USAGE GUIDELINES",
"CONNECTION AND AUTHENTIFICATION",
"PERFORMANCE AND REPORTING OPTIONS",
"OUTPUT OPTIONS"
]
);
if ( defined $opt{'help'} && $opt{'help'} == 1 ) {
pod2usage(-exitval => 0, -verbose => 99,
-sections => [ "NAME", "IMPORTANT USAGE GUIDELINES", "CONNECTION AND AUTHENTIFICATION",
"PERFORMANCE AND REPORTING OPTIONS", "OUTPUT OPTIONS" ]
);
pod2usage(
-exitval => 0,
-verbose => 99,
-sections => [
"NAME",
"IMPORTANT USAGE GUIDELINES",
"CONNECTION AND AUTHENTIFICATION",
"PERFORMANCE AND REPORTING OPTIONS",
"OUTPUT OPTIONS"
]
);
}
my $devnull = File::Spec->devnull();
@ -245,9 +260,10 @@ sub infoprinthcmd {
infoprintcmd "$_[1]";
}
# Calculates the number of phyiscal cores considering HyperThreading
# Calculates the number of phyiscal cores considering HyperThreading
sub cpu_cores {
my $cntCPU = `awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`;
my $cntCPU =
`awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 }; END { print CPUs*CORES }' /proc/cpuinfo`;
return ( $cntCPU == 0 ? `nproc` : $cntCPU );
}
@ -482,7 +498,8 @@ sub validate_tuner_version {
}
my $update;
my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl";
my $url =
"https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl";
my $httpcli = get_http_cli();
if ( $httpcli =~ /curl$/ ) {
debugprint "$httpcli is available.";
@ -557,9 +574,9 @@ sub update_tuner_version {
debugprint "$httpcli is available.";
debugprint
"$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'";
"$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'";
$update =
`$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`;
`$httpcli -qe timestamping=off -t 1 -T 3 -O $script '$url$script'`;
chomp($update);
if ( -s $script eq 0 ) {
@ -666,7 +683,7 @@ sub mysql_setup {
if ( $opt{socket} ne 0 ) {
$remotestring = " -S $opt{socket} -P $opt{port}";
}
# Are we being asked to connect to a remote server?
if ( $opt{host} ne 0 ) {
chomp( $opt{host} );
@ -684,8 +701,9 @@ sub mysql_setup {
if ( ( $opt{host} ne "127.0.0.1" ) && ( $opt{host} ne "localhost" ) ) {
$doremote = 1;
}
} else {
$opt{host}='127.0.0.1';
}
else {
$opt{host} = '127.0.0.1';
}
# Did we already get a username without password on the command line?
@ -814,6 +832,7 @@ sub mysql_setup {
}
}
else {
# It's not Plesk or debian, we should try a login
debugprint "$mysqladmincmd $remotestring ping 2>&1";
my $loginstatus = `$mysqladmincmd $remotestring ping 2>&1`;
@ -936,7 +955,7 @@ sub select_one {
# MySQL Request one
sub select_one_g {
my $pattern = shift;
my $req = shift;
debugprint "PERFORM: $req ";
my @result = `$mysqlcmd $mysqllogin -re "\\w$req\\G" 2>>/dev/null`;
@ -951,17 +970,19 @@ sub select_one_g {
}
debugprint "select_array: return code : $?";
chomp(@result);
return (grep { /$pattern/ } @result)[0];
return ( grep { /$pattern/ } @result )[0];
}
sub select_str_g {
my $pattern = shift;
my $req = shift;
my $str=select_one_g $pattern, $req;
my @val=split /:/, $str;
my $str = select_one_g $pattern, $req;
my @val = split /:/, $str;
shift @val;
return trim(@val);
}
sub get_tuning_info {
my @infoconn = select_array "\\s";
my ( $tkey, $tval );
@ -1441,7 +1462,8 @@ sub get_kernel_info {
badprint
"Swappiness is > 10, please consider having a value lower than 10";
push @generalrec, "setup swappiness lower or equals to 10";
push @adjvars, 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)';
push @adjvars,
'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)';
}
else {
infoprint "Swappiness is < 10.";
@ -1796,7 +1818,7 @@ sub get_replication_status {
"This replication slave is not running but seems to be configured.";
}
if ( defined($io_running)
&& $io_running =~ /yes/i
&& $io_running =~ /yes/i
&& $sql_running =~ /yes/i )
{
if ( $myvar{'read_only'} eq 'OFF' ) {
@ -1847,7 +1869,8 @@ sub mysql_version_ge {
return
int($mysqlvermajor) > int($maj)
|| ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) > int($min) )
|| ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) == int($min)
|| ( int($mysqlvermajor) == int($maj)
&& int($mysqlverminor) == int($min)
&& int($mysqlvermicro) >= int($mic) );
}
@ -1859,7 +1882,8 @@ sub mysql_version_le {
return
int($mysqlvermajor) < int($maj)
|| ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) < int($min) )
|| ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) == int($min)
|| ( int($mysqlvermajor) == int($maj)
&& int($mysqlverminor) == int($min)
&& int($mysqlvermicro) <= int($mic) );
}
@ -2062,7 +2086,7 @@ sub check_storage_engines {
debugprint "Data dump " . Dumper(@$tbl);
my ( $engine, $size, $datafree ) = @$tbl;
next if $engine eq 'NULL';
$size = 0 if $size eq 'NULL';
$size = 0 if $size eq 'NULL';
$datafree = 0 if $datafree eq 'NULL';
if ( defined $enginestats{$engine} ) {
$enginestats{$engine} += $size;
@ -2124,7 +2148,8 @@ sub check_storage_engines {
$total_free += $data_free;
my ( $table_schema, $table_name ) = split( /\./, $full_table_name );
push( @generalrec,
" OPTIMIZE TABLE `$table_schema`.`$table_name`; -- can free $data_free MB" );
" OPTIMIZE TABLE `$table_schema`.`$table_name`; -- can free $data_free MB"
);
}
push( @generalrec,
"Total freed space after theses OPTIMIZE TABLE : $total_free Mb" );
@ -2300,7 +2325,7 @@ sub calculations {
$myvar{'key_cache_block_size'}
) / $myvar{'key_buffer_size'}
)
) * 100
) * 100
);
}
else {
@ -2341,8 +2366,9 @@ sub calculations {
}
if ( $mystat{'Key_write_requests'} > 0 ) {
$mycalc{'pct_wkeys_from_mem'} = sprintf(
"%.1f",( ($mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) );
$mycalc{'pct_wkeys_from_mem'} = sprintf( "%.1f",
( ( $mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 )
);
}
else {
$mycalc{'pct_wkeys_from_mem'} = 0;
@ -2386,14 +2412,14 @@ sub calculations {
(
$mystat{'Qcache_hits'} /
( $mystat{'Com_select'} + $mystat{'Qcache_hits'} )
) * 100
) * 100
);
if ( $myvar{'query_cache_size'} ) {
$mycalc{'pct_query_cache_used'} = sprintf(
"%.1f",
100 - (
$mystat{'Qcache_free_memory'} / $myvar{'query_cache_size'}
) * 100
) * 100
);
}
if ( $mystat{'Qcache_lowmem_prunes'} == 0 ) {
@ -2618,7 +2644,7 @@ sub mysql_stats {
if ( defined $myvar{'query_cache_type'} ) {
infoprint "Query Cache Buffers";
infoprint " +-- Query Cache: "
infoprint " +-- Query Cache: "
. $myvar{'query_cache_type'} . " - "
. (
$myvar{'query_cache_type'} eq 0 |
@ -3121,6 +3147,7 @@ sub mysql_myisam {
}
}
else {
# No queries have run that would use keys
debugprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% ("
. hr_num(
@ -3180,6 +3207,7 @@ sub mysql_myisam {
}
}
else {
# No queries have run that would use keys
debugprint "Key buffer size / total MyISAM indexes: "
. hr_bytes( $myvar{'key_buffer_size'} ) . "/"
@ -3204,6 +3232,7 @@ sub mysql_myisam {
}
}
else {
# No queries have run that would use keys
debugprint
"Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% ("
@ -4882,7 +4911,8 @@ sub mariadb_xtradb {
}
infoprint "XtraDB is enabled.";
infoprint "Note that MariaDB 10.2 makes use of InnoDB, not XtraDB."
# All is to done here
# All is to done here
}
# Recommendations for RocksDB
@ -5014,11 +5044,11 @@ group by c.table_schema,c.table_name
having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0"
);
if ( get_wsrep_option('wsrep_slave_threads') > cpu_cores * 4
or get_wsrep_option('wsrep_slave_threads') < cpu_cores * 3 )
if ( get_wsrep_option('wsrep_slave_threads') > cpu_cores *4
or get_wsrep_option('wsrep_slave_threads') < cpu_cores *3 )
{
badprint
"wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)";
"wsrep_slave_threads is not equal to 2, 3 or 4 times number of CPU(s)";
push @adjvars, "wsrep_slave_threads= Nb of Core CPU * 4";
}
else {
@ -5031,43 +5061,55 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0"
{
badprint "gcs.limit should be equal to 5 * wsrep_slave_threads";
push @adjvars, "gcs.limit= wsrep_slave_threads * 5";
} else {
}
else {
goodprint "gcs.limit should be equal to 5 * wsrep_slave_threads";
}
if (get_wsrep_option('wsrep_slave_threads') > 1) {
infoprint "wsrep parallel slave can cause frequent inconsistency crash.";
push @adjvars, "Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave";
if ( get_wsrep_option('wsrep_slave_threads') > 1 ) {
infoprint
"wsrep parallel slave can cause frequent inconsistency crash.";
push @adjvars,
"Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave";
# check options for parallel slave
if (get_wsrep_option('wsrep_slave_FK_checks') eq "OFF") {
if ( get_wsrep_option('wsrep_slave_FK_checks') eq "OFF" ) {
badprint "wsrep_slave_FK_checks is off with parallel slave";
push @adjvars, "wsrep_slave_FK_checks should be ON when using parallel slave";
push @adjvars,
"wsrep_slave_FK_checks should be ON when using parallel slave";
}
# wsrep_slave_UK_checks seems useless in MySQL source code
if ($myvar{'innodb_autoinc_lock_mode'} != 2) {
badprint "innodb_autoinc_lock_mode is incorrect with parallel slave";
push @adjvars, "innodb_autoinc_lock_mode should be 2 when using parallel slave";
if ( $myvar{'innodb_autoinc_lock_mode'} != 2 ) {
badprint
"innodb_autoinc_lock_mode is incorrect with parallel slave";
push @adjvars,
"innodb_autoinc_lock_mode should be 2 when using parallel slave";
}
}
if (get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) {
if ( get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 )
{
badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads";
push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5";
} else {
}
else {
goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads";
}
if (get_wsrep_option('gcs.fc_factor') != 0.8 ) {
if ( get_wsrep_option('gcs.fc_factor') != 0.8 ) {
badprint "gcs.fc_factor should be equal to 0.8";
push @adjvars, "gcs.fc_factor=0.8";
}
else {
goodprint "gcs.fc_factor is equal to 0.8";
}
if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) {
if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) {
badprint "Fraction of time node pause flow control > 0.02";
} else {
goodprint "Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)";
}
else {
goodprint
"Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)";
}
if ( scalar(@primaryKeysNbTables) > 0 ) {
@ -5076,7 +5118,8 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0"
badprint "\t$badtable";
push @{ $result{'Tables without PK'} }, $badtable;
}
} else {
}
else {
goodprint "All tables get a primary key";
}
my @nonInnoDBTables = select_array(
@ -5089,19 +5132,22 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0"
foreach my $badtable (@nonInnoDBTables) {
badprint "\t$badtable";
}
} else {
}
else {
goodprint "All tables are InnoDB tables";
}
if ( $myvar{'binlog_format'} ne 'ROW' ) {
badprint "Binlog format should be in ROW mode.";
push @adjvars, "binlog_format = ROW";
} else {
}
else {
goodprint "Binlog format is in ROW mode.";
}
if ( $myvar{'innodb_flush_log_at_trx_commit'} != 0 ) {
badprint "InnoDB flush log at each commit should be disabled.";
push @adjvars, "innodb_flush_log_at_trx_commit = 0";
} else {
}
else {
goodprint "InnoDB flush log at each commit is disabled for Galera.";
}
@ -5552,7 +5598,9 @@ sub mysql_databases {
return;
}
my @dblist = select_array("SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );");
my @dblist = select_array(
"SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );"
);
infoprint "There is " . scalar(@dblist) . " Database(s).";
my @totaldbinfo = split /\s/,
select_one(
@ -5715,7 +5763,6 @@ sub mysql_databases {
}
# Recommendations for database columns
sub mysql_tables {
return if ( $opt{dbstat} == 0 );
@ -5726,44 +5773,52 @@ sub mysql_tables {
"Skip Database metrics from information schema missing in this version";
return;
}
my @dblist = select_array("SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );");
my @dblist = select_array(
"SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );"
);
foreach (@dblist) {
my $dbname=$_;
my $dbname = $_;
next unless defined $_;
infoprint "Database: " . $_ . "";
my @dbtable = select_array(
"SELECT TABLE_NAME FROM information_schema.TABLES WHERE TABLE_SCHEMA='$dbname' AND TABLE_TYPE='BASE TABLE' ORDER BY TABLE_NAME"
);
foreach(@dbtable) {
my $tbname=$_;
);
foreach (@dbtable) {
my $tbname = $_;
infoprint " +-- TABLE: $tbname";
my @tbcol=select_array(
"SELECT COLUMN_NAME FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname'" );
foreach(@tbcol) {
my $ctype=select_one(
"SELECT COLUMN_TYPE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " );
my $isnull=select_one(
"SELECT IS_NULLABLE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " );
infoprint " +-- Column $tbname.$_:" ;
my $current_type=uc($ctype). ($isnull eq 'NO'?" NOT NULL":"");
my $optimal_type=select_str_g("Optimal_fieldtype", "SELECT $_ FROM $dbname.$tbname PROCEDURE ANALYSE(100000)");
if ( $current_type ne $optimal_type )
{
infoprint " Current Fieldtype: $current_type";
infoprint " Optimal Fieldtype: $optimal_type";
badprint
"Consider changing type for column $_ in table $dbname.$tbname";
push( @generalrec,
"ALTER TABLE $dbname.$tbname MODIFY $_ $optimal_type;" );
my @tbcol = select_array(
"SELECT COLUMN_NAME FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname'"
);
foreach (@tbcol) {
my $ctype = select_one(
"SELECT COLUMN_TYPE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' "
);
my $isnull = select_one(
"SELECT IS_NULLABLE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' "
);
infoprint " +-- Column $tbname.$_:";
my $current_type =
uc($ctype) . ( $isnull eq 'NO' ? " NOT NULL" : "" );
my $optimal_type = select_str_g( "Optimal_fieldtype",
"SELECT $_ FROM $dbname.$tbname PROCEDURE ANALYSE(100000)"
);
}
else {
goodprint "$dbname.$tbname ($_) type: $current_type";
}
if ( $current_type ne $optimal_type ) {
infoprint " Current Fieldtype: $current_type";
infoprint " Optimal Fieldtype: $optimal_type";
badprint
"Consider changing type for column $_ in table $dbname.$tbname";
push( @generalrec,
"ALTER TABLE $dbname.$tbname MODIFY $_ $optimal_type;"
);
}
else {
goodprint "$dbname.$tbname ($_) type: $current_type";
}
}
}
}
}
}
@ -5833,13 +5888,13 @@ ENDSQL
infoprint " +-- TYPE : " . $info[6];
infoprint " +-- SELECTIVITY : " . $info[7] . "%";
$result{'Indexes'}{ $info[1] }{'Column'} = $info[0];
$result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2];
$result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3];
$result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4];
$result{'Indexes'}{ $info[1] }{'Row number'} = $info[5];
$result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6];
$result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7];
$result{'Indexes'}{ $info[1] }{'Column'} = $info[0];
$result{'Indexes'}{ $info[1] }{'Sequence number'} = $info[2];
$result{'Indexes'}{ $info[1] }{'Number of column'} = $info[3];
$result{'Indexes'}{ $info[1] }{'Cardinality'} = $info[4];
$result{'Indexes'}{ $info[1] }{'Row number'} = $info[5];
$result{'Indexes'}{ $info[1] }{'Index Type'} = $info[6];
$result{'Indexes'}{ $info[1] }{'Selectivity'} = $info[7];
if ( $info[7] < 25 ) {
badprint "$info[1] has a low selectivity";
}
@ -5935,6 +5990,7 @@ if ( $opt{'template'} ne 0 ) {
$templateModel = file2string( $opt{'template'} );
}
else {
# DEFAULT REPORT TEMPLATE
$templateModel = <<'END_TEMPLATE';
<!DOCTYPE html>
@ -6015,7 +6071,7 @@ sub which {
# ---------------------------------------------------------------------------
# BEGIN 'MAIN'
# ---------------------------------------------------------------------------
headerprint; # Header Print
headerprint; # Header Print
validate_tuner_version; # Check last version
mysql_setup; # Gotta login first

140
vulnerabilities.csv
View file

@ -354,35 +354,35 @@
5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/ | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | MANDRIVA:MDVSA-2015:227 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74095 | URL:http://www.securityfocus.com/bid/74095 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)";
5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)";
5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html | DEBIAN:DSA-3229 | URL:http://www.debian.org/security/2015/dsa-3229 | GENTOO:GLSA-201507-19 | URL:https://security.gentoo.org/glsa/201507-19 | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:SUSE-SU-2015:0946 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html | UBUNTU:USN-2575-1 | URL:http://www.ubuntu.com/usn/USN-2575-1 | BID:74078 | URL:http://www.securityfocus.com/bid/74078 | SECTRACK:1032121 | URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)";
5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75751 | URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75762 | URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75774 | URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)";
5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75837 | URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75760 | URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75815 | URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75830 | URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75822 | URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75813 | URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)";
5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)";
6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade | URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded | MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/ | MISC:http://www.ocert.org/advisories/ocert-2015-003.html | MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability | MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html | CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/ | CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152 | CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390 | CONFIRM:https://jira.mariadb.org/browse/MDEV-7937 | FEDORA:FEDORA-2015-10831 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html | FEDORA:FEDORA-2015-10849 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html | BID:74398 | URL:http://www.securityfocus.com/bid/74398 | SECTRACK:1032216 | URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)";
5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)";
5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)";
5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)";
5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)";
5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75802 | URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)";
5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | DEBIAN:DSA-3308 | URL:http://www.debian.org/security/2015/dsa-3308 | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75849 | URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)";
5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | BID:75785 | URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)";
5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)";
5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | REDHAT:RHSA-2015:1629 | URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html | REDHAT:RHSA-2015:1628 | URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75759 | URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75770 | URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)";
5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77232 | URL:http://www.securityfocus.com/bid/77232 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75844 | URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75753 | URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75835 | URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)";
5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html | GENTOO:GLSA-201610-06 | URL:https://security.gentoo.org/glsa/201610-06 | REDHAT:RHSA-2015:1630 | URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html | SUSE:openSUSE-SU-2015:1629 | URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html | UBUNTU:USN-2674-1 | URL:http://www.ubuntu.com/usn/USN-2674-1 | BID:75781 | URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)";
5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | BID:77213 | URL:http://www.securityfocus.com/bid/77213 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)";
5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)";
5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html | DEBIAN:DSA-3385 | URL:http://www.debian.org/security/2015/dsa-3385 | DEBIAN:DSA-3377 | URL:http://www.debian.org/security/2015/dsa-3377 | FEDORA:FEDORA-2016-e30164d0a2 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html | REDHAT:RHSA-2016:0534 | URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html | REDHAT:RHSA-2016:0705 | URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html | SUSE:SUSE-SU-2016:0296 | URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html | SUSE:openSUSE-SU-2016:0368 | URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html | SUSE:openSUSE-SU-2015:2244 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html | SUSE:openSUSE-SU-2015:2246 | URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html | UBUNTU:USN-2781-1 | URL:http://www.ubuntu.com/usn/USN-2781-1 | BID:77171 | URL:http://www.securityfocus.com/bid/77171 | SECTRACK:1033894 | URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)";
@ -540,12 +540,12 @@
5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)";
5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)";
5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678 | URL:https://www.exploit-db.com/exploits/40678/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day ) | URL:http://www.openwall.com/lists/oss-security/2016/10/25/4 | MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html | CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html | CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805 | CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291 | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:92911 | URL:http://www.securityfocus.com/bid/92911 | BID:93614 | URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)";
5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)";
5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)";
5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)";
5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)";
5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)";
7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)";
5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)";
5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)";
5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)";
5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 ) | URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded | EXPLOIT-DB:40679 | URL:https://www.exploit-db.com/exploits/40679/ | FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616] | URL:http://seclists.org/fulldisclosure/2016/Nov/4 | MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html | MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html | CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:93612 | URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)";
5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)";
7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11 | URL:http://www.openwall.com/lists/oss-security/2016/09/15/10 | CONFIRM:http://www.php.net/ChangeLog-5.php | CONFIRM:http://www.php.net/ChangeLog-7.php | CONFIRM:https://bugs.php.net/bug.php?id=72293 | CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 | GENTOO:GLSA-201611-22 | URL:https://security.gentoo.org/glsa/201611-22 | BID:93005 | URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)";
5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)";
5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)";
5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/ | CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/ | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93737 | URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)";
@ -557,32 +557,32 @@
5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93740 | URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)";
5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93720 | URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)";
5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html | GENTOO:GLSA-201701-01 | URL:https://security.gentoo.org/glsa/201701-01 | BID:93733 | URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95538 | URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95482 | URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95486 | URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95580 | URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95557 | URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95571 | URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95538 | URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95565 | URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95482 | URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95486 | URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95589 | URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95560 | URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95520 | URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95583 | URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95501 | URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)";
5.5.54;5;5;54;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)";
5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure) | URL:http://www.openwall.com/lists/oss-security/2017/03/17/3 | MISC:http://riddle.link/ | CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97023 | URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)";
3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97724 | URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)";
@ -597,20 +597,20 @@
5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)";
5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)";
5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97742 | URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95479 | URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | BID:95470 | URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95491 | URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95527 | URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95585 | URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)";
5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)";
5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | GENTOO:GLSA-201702-18 | URL:https://security.gentoo.org/glsa/201702-18 | BID:95588 | URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95479 | URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)";
5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html | GENTOO:GLSA-201702-17 | URL:https://security.gentoo.org/glsa/201702-17 | BID:95470 | URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)";
5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)";
5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)";
5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html | BID:97763 | URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)";

Can't render this file because it is too large.