Update vulnerabilities list
		
							parent
							
								
									b16dfb6254
								
							
						
					
					
						commit
						77bcb72702
					
				
					 3 changed files with 239 additions and 181 deletions
				
			
		
							
								
								
									
										8
									
								
								USAGE.md
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							|  | @ -21,7 +21,8 @@ You must provide the remote server's total memory when connecting to other serve | ||||||
|     --mysqladmin <path>         Path to a custom mysqladmin executable |     --mysqladmin <path>         Path to a custom mysqladmin executable | ||||||
|     --mysqlcmd <path>           Path to a custom mysql executable |     --mysqlcmd <path>           Path to a custom mysql executable | ||||||
|     --defaults-file <path>      Path to a custom .my.cnf |     --defaults-file <path>      Path to a custom .my.cnf | ||||||
|    =head1 PERFORMANCE AND REPORTING OPTIONS | 
 | ||||||
|  | # PERFORMANCE AND REPORTING OPTIONS | ||||||
| 
 | 
 | ||||||
|     --skipsize                  Don't enumerate tables and their types/sizes (default: on) |     --skipsize                  Don't enumerate tables and their types/sizes (default: on) | ||||||
|                                 (Recommended for servers with many tables) |                                 (Recommended for servers with many tables) | ||||||
|  | @ -53,7 +54,8 @@ You must provide the remote server's total memory when connecting to other serve | ||||||
|     --reportfile <path>         Path to a report txt file |     --reportfile <path>         Path to a report txt file | ||||||
|     --template   <path>         Path to a template file |     --template   <path>         Path to a template file | ||||||
|     --verbose                   Prints out all options (default: no verbose) |     --verbose                   Prints out all options (default: no verbose) | ||||||
|    =head1 PERLDOC | 
 | ||||||
|  | # PERLDOC | ||||||
| 
 | 
 | ||||||
| You can find documentation for this module with the perldoc command. | You can find documentation for this module with the perldoc command. | ||||||
| 
 | 
 | ||||||
|  | @ -140,4 +142,4 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||||||
|     See the GNU General Public License for more details. |     See the GNU General Public License for more details. | ||||||
| 
 | 
 | ||||||
| You should have received a copy of the GNU General Public License | You should have received a copy of the GNU General Public License | ||||||
| along with this program.  If not, see <http://www.gnu.org/licenses/>. | along with this program.  If not, see <http://www.gnu.org/licenses/>. | ||||||
|  |  | ||||||
							
								
								
									
										136
									
								
								mysqltuner.pl
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							|  | @ -120,15 +120,30 @@ GetOptions( | ||||||
|     'password=s',     'pfstat', |     'password=s',     'pfstat', | ||||||
|     'passenv=s',      'userenv=s', |     'passenv=s',      'userenv=s', | ||||||
|     'defaults-file=s' |     'defaults-file=s' | ||||||
| ) or pod2usage(-exitval => 1, -verbose => 99, |   ) | ||||||
|                -sections => [ "NAME", "IMPORTANT USAGE GUIDELINES", "CONNECTION AND AUTHENTIFICATION", |   or pod2usage( | ||||||
|                               "PERFORMANCE AND REPORTING OPTIONS", "OUTPUT OPTIONS" ] |     -exitval  => 1, | ||||||
|  |     -verbose  => 99, | ||||||
|  |     -sections => [ | ||||||
|  |         "NAME", | ||||||
|  |         "IMPORTANT USAGE GUIDELINES", | ||||||
|  |         "CONNECTION AND AUTHENTIFICATION", | ||||||
|  |         "PERFORMANCE AND REPORTING OPTIONS", | ||||||
|  |         "OUTPUT OPTIONS" | ||||||
|  |     ] | ||||||
|   ); |   ); | ||||||
| 
 | 
 | ||||||
| if ( defined $opt{'help'} && $opt{'help'} == 1 ) { | if ( defined $opt{'help'} && $opt{'help'} == 1 ) { | ||||||
|     pod2usage(-exitval => 0, -verbose => 99, |     pod2usage( | ||||||
|               -sections => [ "NAME", "IMPORTANT USAGE GUIDELINES", "CONNECTION AND AUTHENTIFICATION", |         -exitval  => 0, | ||||||
|                              "PERFORMANCE AND REPORTING OPTIONS", "OUTPUT OPTIONS" ] |         -verbose  => 99, | ||||||
|  |         -sections => [ | ||||||
|  |             "NAME", | ||||||
|  |             "IMPORTANT USAGE GUIDELINES", | ||||||
|  |             "CONNECTION AND AUTHENTIFICATION", | ||||||
|  |             "PERFORMANCE AND REPORTING OPTIONS", | ||||||
|  |             "OUTPUT OPTIONS" | ||||||
|  |         ] | ||||||
|     ); |     ); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | @ -247,7 +262,8 @@ sub infoprinthcmd { | ||||||
| 
 | 
 | ||||||
| # Calculates the number of phyiscal cores considering HyperThreading | # Calculates the number of phyiscal cores considering HyperThreading | ||||||
| sub cpu_cores { | sub cpu_cores { | ||||||
|     my $cntCPU = `awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 };  END { print CPUs*CORES }' /proc/cpuinfo`; |     my $cntCPU = | ||||||
|  | `awk -F: '/^core id/ && !P[\$2] { CORES++; P[\$2]=1 }; /^physical id/ && !N[\$2] { CPUs++; N[\$2]=1 };  END { print CPUs*CORES }' /proc/cpuinfo`; | ||||||
|     return ( $cntCPU == 0 ? `nproc` : $cntCPU ); |     return ( $cntCPU == 0 ? `nproc` : $cntCPU ); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | @ -482,7 +498,8 @@ sub validate_tuner_version { | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     my $update; |     my $update; | ||||||
|     my $url = "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; |     my $url = | ||||||
|  | "https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl"; | ||||||
|     my $httpcli = get_http_cli(); |     my $httpcli = get_http_cli(); | ||||||
|     if ( $httpcli =~ /curl$/ ) { |     if ( $httpcli =~ /curl$/ ) { | ||||||
|         debugprint "$httpcli is available."; |         debugprint "$httpcli is available."; | ||||||
|  | @ -684,7 +701,8 @@ sub mysql_setup { | ||||||
|         if ( ( $opt{host} ne "127.0.0.1" ) && ( $opt{host} ne "localhost" ) ) { |         if ( ( $opt{host} ne "127.0.0.1" ) && ( $opt{host} ne "localhost" ) ) { | ||||||
|             $doremote = 1; |             $doremote = 1; | ||||||
|         } |         } | ||||||
|     } else { |     } | ||||||
|  |     else { | ||||||
|         $opt{host} = '127.0.0.1'; |         $opt{host} = '127.0.0.1'; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  | @ -814,6 +832,7 @@ sub mysql_setup { | ||||||
|         } |         } | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
|  | 
 | ||||||
|         # It's not Plesk or debian, we should try a login |         # It's not Plesk or debian, we should try a login | ||||||
|         debugprint "$mysqladmincmd $remotestring ping 2>&1"; |         debugprint "$mysqladmincmd $remotestring ping 2>&1"; | ||||||
|         my $loginstatus = `$mysqladmincmd $remotestring ping 2>&1`; |         my $loginstatus = `$mysqladmincmd $remotestring ping 2>&1`; | ||||||
|  | @ -953,6 +972,7 @@ sub select_one_g { | ||||||
|     chomp(@result); |     chomp(@result); | ||||||
|     return ( grep { /$pattern/ } @result )[0]; |     return ( grep { /$pattern/ } @result )[0]; | ||||||
| } | } | ||||||
|  | 
 | ||||||
| sub select_str_g { | sub select_str_g { | ||||||
|     my $pattern = shift; |     my $pattern = shift; | ||||||
| 
 | 
 | ||||||
|  | @ -962,6 +982,7 @@ sub select_str_g { | ||||||
|     shift @val; |     shift @val; | ||||||
|     return trim(@val); |     return trim(@val); | ||||||
| } | } | ||||||
|  | 
 | ||||||
| sub get_tuning_info { | sub get_tuning_info { | ||||||
|     my @infoconn = select_array "\\s"; |     my @infoconn = select_array "\\s"; | ||||||
|     my ( $tkey, $tval ); |     my ( $tkey, $tval ); | ||||||
|  | @ -1441,7 +1462,8 @@ sub get_kernel_info { | ||||||
|         badprint |         badprint | ||||||
|           "Swappiness is > 10, please consider having a value lower than 10"; |           "Swappiness is > 10, please consider having a value lower than 10"; | ||||||
|         push @generalrec, "setup swappiness lower or equals to 10"; |         push @generalrec, "setup swappiness lower or equals to 10"; | ||||||
|         push @adjvars, 'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; |         push @adjvars, | ||||||
|  |           'vm.swappiness <= 10 (echo 10 > /proc/sys/vm/swappiness)'; | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
|         infoprint "Swappiness is < 10."; |         infoprint "Swappiness is < 10."; | ||||||
|  | @ -1847,7 +1869,8 @@ sub mysql_version_ge { | ||||||
|     return |     return | ||||||
|          int($mysqlvermajor) > int($maj) |          int($mysqlvermajor) > int($maj) | ||||||
|       || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) > int($min) ) |       || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) > int($min) ) | ||||||
|       || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) == int($min) |       || ( int($mysqlvermajor) == int($maj) | ||||||
|  |         && int($mysqlverminor) == int($min) | ||||||
|         && int($mysqlvermicro) >= int($mic) ); |         && int($mysqlvermicro) >= int($mic) ); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | @ -1859,7 +1882,8 @@ sub mysql_version_le { | ||||||
|     return |     return | ||||||
|          int($mysqlvermajor) < int($maj) |          int($mysqlvermajor) < int($maj) | ||||||
|       || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) < int($min) ) |       || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) < int($min) ) | ||||||
|       || ( int($mysqlvermajor) == int($maj) && int($mysqlverminor) == int($min) |       || ( int($mysqlvermajor) == int($maj) | ||||||
|  |         && int($mysqlverminor) == int($min) | ||||||
|         && int($mysqlvermicro) <= int($mic) ); |         && int($mysqlvermicro) <= int($mic) ); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | @ -2124,7 +2148,8 @@ sub check_storage_engines { | ||||||
|             $total_free += $data_free; |             $total_free += $data_free; | ||||||
|             my ( $table_schema, $table_name ) = split( /\./, $full_table_name ); |             my ( $table_schema, $table_name ) = split( /\./, $full_table_name ); | ||||||
|             push( @generalrec, |             push( @generalrec, | ||||||
|                 "  OPTIMIZE TABLE `$table_schema`.`$table_name`; -- can free $data_free MB" ); | "  OPTIMIZE TABLE `$table_schema`.`$table_name`; -- can free $data_free MB" | ||||||
|  |             ); | ||||||
|         } |         } | ||||||
|         push( @generalrec, |         push( @generalrec, | ||||||
|             "Total freed space after theses OPTIMIZE TABLE : $total_free Mb" ); |             "Total freed space after theses OPTIMIZE TABLE : $total_free Mb" ); | ||||||
|  | @ -2341,8 +2366,9 @@ sub calculations { | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     if ( $mystat{'Key_write_requests'} > 0 ) { |     if ( $mystat{'Key_write_requests'} > 0 ) { | ||||||
|         $mycalc{'pct_wkeys_from_mem'} = sprintf( |         $mycalc{'pct_wkeys_from_mem'} = sprintf( "%.1f", | ||||||
|             "%.1f",( ($mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) ); |             ( ( $mystat{'Key_writes'} / $mystat{'Key_write_requests'} ) * 100 ) | ||||||
|  |         ); | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
|         $mycalc{'pct_wkeys_from_mem'} = 0; |         $mycalc{'pct_wkeys_from_mem'} = 0; | ||||||
|  | @ -3121,6 +3147,7 @@ sub mysql_myisam { | ||||||
|         } |         } | ||||||
|     } |     } | ||||||
|     else { |     else { | ||||||
|  | 
 | ||||||
|         # No queries have run that would use keys |         # No queries have run that would use keys | ||||||
|         debugprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" |         debugprint "Key buffer used: $mycalc{'pct_key_buffer_used'}% (" | ||||||
|           . hr_num( |           . hr_num( | ||||||
|  | @ -3180,6 +3207,7 @@ sub mysql_myisam { | ||||||
|             } |             } | ||||||
|         } |         } | ||||||
|         else { |         else { | ||||||
|  | 
 | ||||||
|             # No queries have run that would use keys |             # No queries have run that would use keys | ||||||
|             debugprint "Key buffer size / total MyISAM indexes: " |             debugprint "Key buffer size / total MyISAM indexes: " | ||||||
|               . hr_bytes( $myvar{'key_buffer_size'} ) . "/" |               . hr_bytes( $myvar{'key_buffer_size'} ) . "/" | ||||||
|  | @ -3204,6 +3232,7 @@ sub mysql_myisam { | ||||||
|             } |             } | ||||||
|         } |         } | ||||||
|         else { |         else { | ||||||
|  | 
 | ||||||
|             # No queries have run that would use keys |             # No queries have run that would use keys | ||||||
|             debugprint |             debugprint | ||||||
|               "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" |               "Write Key buffer hit rate: $mycalc{'pct_wkeys_from_mem'}% (" | ||||||
|  | @ -4882,6 +4911,7 @@ sub mariadb_xtradb { | ||||||
|     } |     } | ||||||
|     infoprint "XtraDB is enabled."; |     infoprint "XtraDB is enabled."; | ||||||
|     infoprint "Note that MariaDB 10.2 makes use of InnoDB, not XtraDB." |     infoprint "Note that MariaDB 10.2 makes use of InnoDB, not XtraDB." | ||||||
|  | 
 | ||||||
|       # All is to done here |       # All is to done here | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | @ -5031,29 +5061,39 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" | ||||||
|     { |     { | ||||||
|         badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; |         badprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; | ||||||
|         push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; |         push @adjvars, "gcs.limit= wsrep_slave_threads * 5"; | ||||||
|     } else { |     } | ||||||
|  |     else { | ||||||
|         goodprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; |         goodprint "gcs.limit should be equal to 5 * wsrep_slave_threads"; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     if ( get_wsrep_option('wsrep_slave_threads') > 1 ) { |     if ( get_wsrep_option('wsrep_slave_threads') > 1 ) { | ||||||
|         infoprint "wsrep parallel slave can cause frequent inconsistency crash."; |         infoprint | ||||||
|         push @adjvars, "Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; |           "wsrep parallel slave can cause frequent inconsistency crash."; | ||||||
|  |         push @adjvars, | ||||||
|  | "Set wsrep_slave_threads to 1 in case of HA_ERR_FOUND_DUPP_KEY crash on slave"; | ||||||
|  | 
 | ||||||
|         # check options for parallel slave |         # check options for parallel slave | ||||||
|         if ( get_wsrep_option('wsrep_slave_FK_checks') eq "OFF" ) { |         if ( get_wsrep_option('wsrep_slave_FK_checks') eq "OFF" ) { | ||||||
|             badprint "wsrep_slave_FK_checks is off with parallel slave"; |             badprint "wsrep_slave_FK_checks is off with parallel slave"; | ||||||
|             push @adjvars, "wsrep_slave_FK_checks should be ON when using parallel slave"; |             push @adjvars, | ||||||
|  |               "wsrep_slave_FK_checks should be ON when using parallel slave"; | ||||||
|         } |         } | ||||||
|  | 
 | ||||||
|         # wsrep_slave_UK_checks seems useless in MySQL source code |         # wsrep_slave_UK_checks seems useless in MySQL source code | ||||||
|         if ( $myvar{'innodb_autoinc_lock_mode'} != 2 ) { |         if ( $myvar{'innodb_autoinc_lock_mode'} != 2 ) { | ||||||
|             badprint "innodb_autoinc_lock_mode is incorrect with parallel slave"; |             badprint | ||||||
|             push @adjvars, "innodb_autoinc_lock_mode should be 2 when using parallel slave"; |               "innodb_autoinc_lock_mode is incorrect with parallel slave"; | ||||||
|  |             push @adjvars, | ||||||
|  |               "innodb_autoinc_lock_mode should be 2 when using parallel slave"; | ||||||
|         } |         } | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     if (get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) { |     if ( get_wsrep_option('gcs.fc_limit') != $myvar{'wsrep_slave_threads'} * 5 ) | ||||||
|  |     { | ||||||
|         badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; |         badprint "gcs.fc_limit should be equal to 5 * wsrep_slave_threads"; | ||||||
|         push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; |         push @adjvars, "gcs.fc_limit= wsrep_slave_threads * 5"; | ||||||
|     } else { |     } | ||||||
|  |     else { | ||||||
|         goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; |         goodprint "gcs.fc_limit is equal to 5 * wsrep_slave_threads"; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  | @ -5066,8 +5106,10 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" | ||||||
|     } |     } | ||||||
|     if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { |     if ( get_wsrep_option('wsrep_flow_control_paused') > 0.02 ) { | ||||||
|         badprint "Fraction of time node pause flow control > 0.02"; |         badprint "Fraction of time node pause flow control > 0.02"; | ||||||
|     } else { |     } | ||||||
|         goodprint "Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; |     else { | ||||||
|  |         goodprint | ||||||
|  | "Flow control fraction seems to be OK (wsrep_flow_control_paused<=0.02)"; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     if ( scalar(@primaryKeysNbTables) > 0 ) { |     if ( scalar(@primaryKeysNbTables) > 0 ) { | ||||||
|  | @ -5076,7 +5118,8 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" | ||||||
|             badprint "\t$badtable"; |             badprint "\t$badtable"; | ||||||
|             push @{ $result{'Tables without PK'} }, $badtable; |             push @{ $result{'Tables without PK'} }, $badtable; | ||||||
|         } |         } | ||||||
|     } else { |     } | ||||||
|  |     else { | ||||||
|         goodprint "All tables get a primary key"; |         goodprint "All tables get a primary key"; | ||||||
|     } |     } | ||||||
|     my @nonInnoDBTables = select_array( |     my @nonInnoDBTables = select_array( | ||||||
|  | @ -5089,19 +5132,22 @@ having sum(if(c.column_key in ('PRI','UNI'), 1,0)) = 0" | ||||||
|         foreach my $badtable (@nonInnoDBTables) { |         foreach my $badtable (@nonInnoDBTables) { | ||||||
|             badprint "\t$badtable"; |             badprint "\t$badtable"; | ||||||
|         } |         } | ||||||
|     } else { |     } | ||||||
|  |     else { | ||||||
|         goodprint "All tables are InnoDB tables"; |         goodprint "All tables are InnoDB tables"; | ||||||
|     } |     } | ||||||
|     if ( $myvar{'binlog_format'} ne 'ROW' ) { |     if ( $myvar{'binlog_format'} ne 'ROW' ) { | ||||||
|         badprint "Binlog format should be in ROW mode."; |         badprint "Binlog format should be in ROW mode."; | ||||||
|         push @adjvars, "binlog_format = ROW"; |         push @adjvars, "binlog_format = ROW"; | ||||||
|     } else { |     } | ||||||
|  |     else { | ||||||
|         goodprint "Binlog format is in ROW mode."; |         goodprint "Binlog format is in ROW mode."; | ||||||
|     } |     } | ||||||
|     if ( $myvar{'innodb_flush_log_at_trx_commit'} != 0 ) { |     if ( $myvar{'innodb_flush_log_at_trx_commit'} != 0 ) { | ||||||
|         badprint "InnoDB flush log at each commit should be disabled."; |         badprint "InnoDB flush log at each commit should be disabled."; | ||||||
|         push @adjvars, "innodb_flush_log_at_trx_commit = 0"; |         push @adjvars, "innodb_flush_log_at_trx_commit = 0"; | ||||||
|     } else { |     } | ||||||
|  |     else { | ||||||
|         goodprint "InnoDB flush log at each commit is disabled for Galera."; |         goodprint "InnoDB flush log at each commit is disabled for Galera."; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  | @ -5552,7 +5598,9 @@ sub mysql_databases { | ||||||
|         return; |         return; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|     my @dblist =  select_array("SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );"); |     my @dblist = select_array( | ||||||
|  | "SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" | ||||||
|  |     ); | ||||||
|     infoprint "There is " . scalar(@dblist) . " Database(s)."; |     infoprint "There is " . scalar(@dblist) . " Database(s)."; | ||||||
|     my @totaldbinfo = split /\s/, |     my @totaldbinfo = split /\s/, | ||||||
|       select_one( |       select_one( | ||||||
|  | @ -5715,7 +5763,6 @@ sub mysql_databases { | ||||||
| 
 | 
 | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
| 
 |  | ||||||
| # Recommendations for database columns | # Recommendations for database columns | ||||||
| sub mysql_tables { | sub mysql_tables { | ||||||
|     return if ( $opt{dbstat} == 0 ); |     return if ( $opt{dbstat} == 0 ); | ||||||
|  | @ -5726,7 +5773,9 @@ sub mysql_tables { | ||||||
| "Skip Database metrics from information schema missing in this version"; | "Skip Database metrics from information schema missing in this version"; | ||||||
|         return; |         return; | ||||||
|     } |     } | ||||||
|     my @dblist =  select_array("SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );"); |     my @dblist = select_array( | ||||||
|  | "SELECT DISTINCT TABLE_SCHEMA FROM information_schema.TABLES WHERE TABLE_SCHEMA NOT IN ( 'mysql', 'performance_schema', 'information_schema', 'sys' );" | ||||||
|  |     ); | ||||||
|     foreach (@dblist) { |     foreach (@dblist) { | ||||||
|         my $dbname = $_; |         my $dbname = $_; | ||||||
|         next unless defined $_; |         next unless defined $_; | ||||||
|  | @ -5738,24 +5787,30 @@ sub mysql_tables { | ||||||
|             my $tbname = $_; |             my $tbname = $_; | ||||||
|             infoprint " +-- TABLE: $tbname"; |             infoprint " +-- TABLE: $tbname"; | ||||||
|             my @tbcol = select_array( |             my @tbcol = select_array( | ||||||
| "SELECT COLUMN_NAME FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname'" ); | "SELECT COLUMN_NAME FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname'" | ||||||
|  |             ); | ||||||
|             foreach (@tbcol) { |             foreach (@tbcol) { | ||||||
|                 my $ctype = select_one( |                 my $ctype = select_one( | ||||||
| "SELECT COLUMN_TYPE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " ); | "SELECT COLUMN_TYPE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " | ||||||
|  |                 ); | ||||||
|                 my $isnull = select_one( |                 my $isnull = select_one( | ||||||
| "SELECT IS_NULLABLE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " ); | "SELECT IS_NULLABLE FROM information_schema.COLUMNS WHERE TABLE_SCHEMA='$dbname' AND TABLE_NAME='$tbname' AND COLUMN_NAME='$_' " | ||||||
|  |                 ); | ||||||
|                 infoprint "     +-- Column $tbname.$_:"; |                 infoprint "     +-- Column $tbname.$_:"; | ||||||
|               my $current_type=uc($ctype). ($isnull eq 'NO'?" NOT NULL":""); |                 my $current_type = | ||||||
|               my $optimal_type=select_str_g("Optimal_fieldtype", "SELECT $_ FROM $dbname.$tbname PROCEDURE ANALYSE(100000)"); |                   uc($ctype) . ( $isnull eq 'NO' ? " NOT NULL" : "" ); | ||||||
|  |                 my $optimal_type = select_str_g( "Optimal_fieldtype", | ||||||
|  |                     "SELECT $_ FROM $dbname.$tbname PROCEDURE ANALYSE(100000)" | ||||||
|  |                 ); | ||||||
| 
 | 
 | ||||||
|           if ( $current_type ne $optimal_type ) |                 if ( $current_type ne $optimal_type ) { | ||||||
|         { |  | ||||||
|                     infoprint "      Current Fieldtype: $current_type"; |                     infoprint "      Current Fieldtype: $current_type"; | ||||||
|                     infoprint "      Optimal Fieldtype: $optimal_type"; |                     infoprint "      Optimal Fieldtype: $optimal_type"; | ||||||
|                     badprint |                     badprint | ||||||
| "Consider changing type for column $_ in table $dbname.$tbname"; | "Consider changing type for column $_ in table $dbname.$tbname"; | ||||||
|                     push( @generalrec, |                     push( @generalrec, | ||||||
|                 "ALTER TABLE $dbname.$tbname MODIFY $_ $optimal_type;" ); |                         "ALTER TABLE $dbname.$tbname MODIFY $_ $optimal_type;" | ||||||
|  |                     ); | ||||||
| 
 | 
 | ||||||
|                 } |                 } | ||||||
|                 else { |                 else { | ||||||
|  | @ -5935,6 +5990,7 @@ if ( $opt{'template'} ne 0 ) { | ||||||
|     $templateModel = file2string( $opt{'template'} ); |     $templateModel = file2string( $opt{'template'} ); | ||||||
| } | } | ||||||
| else { | else { | ||||||
|  | 
 | ||||||
|     # DEFAULT REPORT TEMPLATE |     # DEFAULT REPORT TEMPLATE | ||||||
|     $templateModel = <<'END_TEMPLATE'; |     $templateModel = <<'END_TEMPLATE'; | ||||||
| <!DOCTYPE html> | <!DOCTYPE html> | ||||||
|  |  | ||||||
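Review bot: In mysql_tables (the hunk at -5738/+5787), `$dbname`, `$tbname` and the column name in `$_` are interpolated into SQL text unescaped, as string literals in the information_schema lookups and as bare identifiers in `SELECT $_ FROM $dbname.$tbname PROCEDURE ANALYSE(100000)` and in the generated `ALTER TABLE` recommendation; this reformatting commit leaves that as it was. The names are read back from the server catalog, so any account allowed to create a schema, table or column chooses them, and a name containing a quote, backtick, space or reserved word will break the statement or alter what is run under the tuner's credentials (how select_array and select_one hand the text to the client is outside the visible lines, so the exact impact is unconfirmed). A conservative guard before the lookups, e.g. `next unless $tbname =~ /\A[0-9A-Za-z_\$]+\z/;` with the same test for `$dbname` and the column name, keeps unusual names out of the queries, and the printed ALTER TABLE line should backtick-quote identifiers the way the OPTIMIZE TABLE recommendation in check_storage_engines already does. The loops these lines sit in begin outside the hunk.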
|  | @ -354,35 +354,35 @@ | ||||||
| 5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74095   |   URL:http://www.securityfocus.com/bid/74095   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.23;5;6;23;CVE-2015-2571;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5543-release-notes/   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |  
 DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   MANDRIVA:MDVSA-2015:227   |   URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:227   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74095   |   URL:http://www.securityfocus.com/bid/74095   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74078   |   URL:http://www.securityfocus.com/bid/74078   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | 5.5.41;5;5;41;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   
URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74078   |   URL:http://www.securityfocus.com/bid/74078   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74078   |   URL:http://www.securityfocus.com/bid/74078   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.22;5;6;22;CVE-2015-2573;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier; and 5.6.22 and earlier; allows remote authenticated users to affect availability via vectors related to DDL.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html   |   DEBIAN:DSA-3229   |   URL:http://www.debian.org/security/2015/dsa-3229   |   GENTOO:GLSA-201507-19   |   URL:https://security.gentoo.org/glsa/201507-19   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   
URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:SUSE-SU-2015:0946   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html   |   UBUNTU:USN-2575-1   |   URL:http://www.ubuntu.com/usn/USN-2575-1   |   BID:74078   |   URL:http://www.securityfocus.com/bid/74078   |   SECTRACK:1032121   |   URL:http://www.securitytracker.com/id/1032121";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75751   |   URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; | 5.5.43;5;5;43;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   
URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75751   |   URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75751   |   URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-2582;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   
URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75751   |   URL:http://www.securityfocus.com/bid/75751";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75762   |   URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-2611;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75762   |   URL:http://www.securityfocus.com/bid/75762";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75774   |   URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-2617;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality; integrity; and availability via unknown vectors related to Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75774   |   URL:http://www.securityfocus.com/bid/75774";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75837   |   URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; | 5.5.43;5;5;43;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   
REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75837   |   URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75837   |   URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.23;5;6;23;CVE-2015-2620;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   
REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75837   |   URL:http://www.securityfocus.com/bid/75837";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75760   |   URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-2639;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75760   |   URL:http://www.securityfocus.com/bid/75760";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75815   |   URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-2641;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75815   |   URL:http://www.securityfocus.com/bid/75815";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75830   |   URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; | 5.5.43;5;5;43;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   
URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75830   |   URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75830   |   URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-2643;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   
URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75830   |   URL:http://www.securityfocus.com/bid/75830";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75822   |   URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; | 5.5.43;5;5;43;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   
URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75822   |   URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75822   |   URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-2648;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   
URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75822   |   URL:http://www.securityfocus.com/bid/75822";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75813   |   URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-2661;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75813   |   URL:http://www.securityfocus.com/bid/75813";Assigned (20150320);"None (candidate not yet proposed)"; | ||||||
| 5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   FEDORA:FEDORA-2015-10831   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html   |   FEDORA:FEDORA-2015-10849   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | 5.7.2;5;7;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   
MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   FEDORA:FEDORA-2015-10831   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html   |   FEDORA:FEDORA-2015-10849   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | ||||||
| 6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   FEDORA:FEDORA-2015-10831   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html   |   FEDORA:FEDORA-2015-10849   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | 6.1.2;6;1;2;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   
MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   FEDORA:FEDORA-2015-10831   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html   |   FEDORA:FEDORA-2015-10849   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | ||||||
| 5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   |   MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   FEDORA:FEDORA-2015-10831   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html   |   FEDORA:FEDORA-2015-10849   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | 5.5.43;5;5;43;CVE-2015-3152;Candidate;"Oracle MySQL before 5.7.3; Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3; and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional; which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack; aka a ""BACKRONYM"" attack.";"BUGTRAQ:20150429 [oCERT-2015-003] MySQL SSL/TLS downgrade   |   URL:http://www.securityfocus.com/archive/1/archive/1/535397/100/1100/threaded   | 
  MISC:http://mysqlblog.fivefarmers.com/2014/04/02/redefining-ssl-option/   |   MISC:http://www.ocert.org/advisories/ocert-2015-003.html   |   MISC:https://www.duosecurity.com/blog/backronym-mysql-vulnerability   |   MISC:http://packetstormsecurity.com/files/131688/MySQL-SSL-TLS-Downgrade.html   |   CONFIRM:http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/   |   CONFIRM:https://access.redhat.com/security/cve/cve-2015-3152   |   CONFIRM:https://github.com/mysql/mysql-server/commit/3bd5589e1a5a93f9c224badf983cd65c45215390   |   CONFIRM:https://jira.mariadb.org/browse/MDEV-7937   |   FEDORA:FEDORA-2015-10831   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161625.html   |   FEDORA:FEDORA-2015-10849   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161436.html   |   BID:74398   |   URL:http://www.securityfocus.com/bid/74398   |   SECTRACK:1032216   |   URL:http://www.securitytracker.com/id/1032216";Assigned (20150410);"None (candidate not yet proposed)"; | ||||||
| 5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75802   |   URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; | 5.5.43;5;5;43;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   
URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75802   |   URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75802   |   URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.23;5;6;23;CVE-2015-4737;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier; and 5.6.23 and earlier; allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   
URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75802   |   URL:http://www.securityfocus.com/bid/75802";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75849   |   URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; | 5.5.43;5;5;43;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   
|   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75849   |   URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75849   |   URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-4752;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   DEBIAN:DSA-3308   |   URL:http://www.debian.org/security/2015/dsa-3308   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   
|   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75849   |   URL:http://www.securityfocus.com/bid/75849";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   BID:75785   |   URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.22;5;6;22;CVE-2015-4756;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB; a different vulnerability than CVE-2015-0439.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   BID:75785   |   URL:http://www.securityfocus.com/bid/75785";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75759   |   URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; | 5.5.42;5;5;42;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75759   |   URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75759   |   URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.23;5;6;23;CVE-2015-4757;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   REDHAT:RHSA-2015:1629   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1629.html   |   REDHAT:RHSA-2015:1628   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1628.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75759   |   URL:http://www.securityfocus.com/bid/75759";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75770   |   URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-4761;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75770   |   URL:http://www.securityfocus.com/bid/75770";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77232   |   URL:http://www.securityfocus.com/bid/77232   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.25;5;6;25;CVE-2015-4766;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77232   |   URL:http://www.securityfocus.com/bid/77232   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75844   |   URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-4767;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4769.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75844   |   URL:http://www.securityfocus.com/bid/75844";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75753   |   URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-4769;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall; a different vulnerability than CVE-2015-4767.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75753   |   URL:http://www.securityfocus.com/bid/75753";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75835   |   URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-4771;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75835   |   URL:http://www.securityfocus.com/bid/75835";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75781   |   URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.24;5;6;24;CVE-2015-4772;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html   |   GENTOO:GLSA-201610-06   |   URL:https://security.gentoo.org/glsa/201610-06   |   REDHAT:RHSA-2015:1630   |   URL:http://rhn.redhat.com/errata/RHSA-2015-1630.html   |   SUSE:openSUSE-SU-2015:1629   |   URL:http://lists.opensuse.org/opensuse-updates/2015-09/msg00042.html   |   UBUNTU:USN-2674-1   |   URL:http://www.ubuntu.com/usn/USN-2674-1   |   BID:75781   |   URL:http://www.securityfocus.com/bid/75781";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77213   |   URL:http://www.securityfocus.com/bid/77213   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.26;5;6;26;CVE-2015-4791;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   BID:77213   |   URL:http://www.securityfocus.com/bid/77213   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77171   |   URL:http://www.securityfocus.com/bid/77171   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | 5.5.45;5;5;45;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a 
different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77171   |   URL:http://www.securityfocus.com/bid/77171   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
| 5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77171   |   URL:http://www.securityfocus.com/bid/77171   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | 5.6.26;5;6;26;CVE-2015-4792;Candidate;"Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition; a 
different vulnerability than CVE-2015-4802.";"CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html   |   CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html   |   DEBIAN:DSA-3385   |   URL:http://www.debian.org/security/2015/dsa-3385   |   DEBIAN:DSA-3377   |   URL:http://www.debian.org/security/2015/dsa-3377   |   FEDORA:FEDORA-2016-e30164d0a2   |   URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177539.html   |   REDHAT:RHSA-2016:0534   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0534.html   |   REDHAT:RHSA-2016:0705   |   URL:http://rhn.redhat.com/errata/RHSA-2016-0705.html   |   SUSE:SUSE-SU-2016:0296   |   URL:https://www.suse.com/support/update/announcement/2016/suse-su-20160296-1.html   |   SUSE:openSUSE-SU-2016:0368   |   URL:http://lists.opensuse.org/opensuse-updates/2016-02/msg00039.html   |   SUSE:openSUSE-SU-2015:2244   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00010.html   |   SUSE:openSUSE-SU-2015:2246   |   URL:http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00011.html   |   UBUNTU:USN-2781-1   |   URL:http://www.ubuntu.com/usn/USN-2781-1   |   BID:77171   |   URL:http://www.securityfocus.com/bid/77171   |   SECTRACK:1033894   |   URL:http://www.securitytracker.com/id/1033894";Assigned (20150624);"None (candidate not yet proposed)"; | ||||||
|  | @ -540,12 +540,12 @@ | ||||||
| 5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   
CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | 5.6.31;5;6;31;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   
CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||||
| 5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   
CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | 5.7.13;5;7;13;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   
CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||||
| 5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   
CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | 5.5.40;5;5;40;CVE-2016-6663;Candidate;"Race condition in Oracle MySQL before 5.5.52; 5.6.x before 5.6.33; 5.7.x before 5.7.15; and 8.x before 8.0.1; MariaDB before 5.5.52; 10.0.x before 10.0.28; and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.";"EXPLOIT-DB:40678   |   URL:https://www.exploit-db.com/exploits/40678/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MLIST:[oss-security] 20161025 Re: CVE-2016-6662 - MySQL Remote Root Code Execution / Privilege Escalation ( 0day )   |   URL:http://www.openwall.com/lists/oss-security/2016/10/25/4   |   MISC:https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-52.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-33.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-15.html   |   CONFIRM:https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-1.html   |   CONFIRM:https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805   |   CONFIRM:https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   
CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:92911   |   URL:http://www.securityfocus.com/bid/92911   |   BID:93614   |   URL:http://www.securityfocus.com/bid/93614";Assigned (20160810);"None (candidate not yet proposed)"; | ||||||
| 5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | 5.5.50;5;5;50;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly 
other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | ||||||
| 5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | 5.6.31;5;6;31;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly 
other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | ||||||
| 5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | 5.7.13;5;7;13;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly 
other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | ||||||
| 5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | 5.5.40;5;5;40;CVE-2016-6664;Candidate;"mysqld_safe in Oracle MySQL through 5.5.51; 5.6.x through 5.6.32; and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2; 5.6.x before 5.6.32-78-1; and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0; 5.6.x before 5.6.32-25.17; and 5.7.x before 5.7.14-26.17; when using file-based logging; allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly 
other files.";"BUGTRAQ:20161104 MySQL / MariaDB / PerconaDB - Root Privilege Escalation Exploit ( CVE-2016-6664 / CVE-2016-5617 )   |   URL:http://www.securityfocus.com/archive/1/archive/1/539695/100/0/threaded   |   EXPLOIT-DB:40679   |   URL:https://www.exploit-db.com/exploits/40679/   |   FULLDISC:20161101 MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition Exploit [CVE-2016-6663 / OCVE-2016-5616]   |   URL:http://seclists.org/fulldisclosure/2016/Nov/4   |   MISC:http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html   |   MISC:http://packetstormsecurity.com/files/139491/MySQL-MariaDB-PerconaDB-Root-Privilege-Escalation.html   |   CONFIRM:https://www.percona.com/blog/2016/11/02/percona-responds-to-cve-2016-6663-and-cve-2016-6664/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:93612   |   URL:http://www.securityfocus.com/bid/93612";Assigned (20160810);"None (candidate not yet proposed)"; | ||||||
| 5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11   |   URL:http://www.openwall.com/lists/oss-security/2016/09/15/10   |   CONFIRM:http://www.php.net/ChangeLog-5.php   |   CONFIRM:http://www.php.net/ChangeLog-7.php   |   CONFIRM:https://bugs.php.net/bug.php?id=72293   |   CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1   |   BID:93005   |   URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; | 5.6.25;5;6;25;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11   |   URL:http://www.openwall.com/lists/oss-security/2016/09/15/10   |   CONFIRM:http://www.php.net/ChangeLog-5.php   |   CONFIRM:http://www.php.net/ChangeLog-7.php   |   CONFIRM:https://bugs.php.net/bug.php?id=72293   |   CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1   |   GENTOO:GLSA-201611-22   |   URL:https://security.gentoo.org/glsa/201611-22   |   BID:93005   |   URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; | ||||||
| 7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11   |   URL:http://www.openwall.com/lists/oss-security/2016/09/15/10   |   CONFIRM:http://www.php.net/ChangeLog-5.php   |   CONFIRM:http://www.php.net/ChangeLog-7.php   |   CONFIRM:https://bugs.php.net/bug.php?id=72293   |   CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1   |   BID:93005   |   URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; | 7.0.10;7;0;10;CVE-2016-7412;Candidate;"ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag; which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata.";"MLIST:[oss-security] 20160915 Re: CVE assignment for PHP 5.6.26 and 7.0.11   |   URL:http://www.openwall.com/lists/oss-security/2016/09/15/10   |   CONFIRM:http://www.php.net/ChangeLog-5.php   |   CONFIRM:http://www.php.net/ChangeLog-7.php   |   CONFIRM:https://bugs.php.net/bug.php?id=72293   |   CONFIRM:https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1   |   GENTOO:GLSA-201611-22   |   URL:https://security.gentoo.org/glsa/201611-22   |   BID:93005   |   URL:http://www.securityfocus.com/bid/93005";Assigned (20160909);"None (candidate not yet proposed)"; | ||||||
| 5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | 5.5.51;5;5;51;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | ||||||
| 5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | 5.6.32;5;6;32;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | ||||||
| 5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | 5.7.14;5;7;14;CVE-2016-8283;Candidate;"Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier; 5.6.32 and earlier; and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-10118-release-notes/   |   CONFIRM:https://mariadb.com/kb/en/mariadb/mariadb-5552-release-notes/   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93737   |   URL:http://www.securityfocus.com/bid/93737";Assigned (20160926);"None (candidate not yet proposed)"; | ||||||
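Review bot: The two CVE-2016-7412 rows (`5.6.25;5;6;25;CVE-2016-7412` and `7.0.10;7;0;10;CVE-2016-7412`) carry PHP release numbers rather than MySQL server versions. Their description concerns `ext/mysqlnd/mysqlnd_wireprotocol.c` in PHP before 5.6.26 and 7.x before 7.0.11, a flaw in the PHP client that a remote MySQL server triggers. If the consumer of this list matches the leading version columns against the audited server's version (not visible here, so to be confirmed), a 5.6.x server at or below 5.6.25 would be reported for a bug that is not in the server, which dilutes the real findings in the report. I would drop these rows, or have the step that builds the list keep only entries whose description names a server product (Oracle MySQL, MariaDB, Percona Server). The file section containing this hunk starts and ends outside the visible lines.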
|  | @ -557,32 +557,32 @@ | ||||||
| 5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93740   |   URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; | 5.7.12;5;7;12;CVE-2016-8288;Candidate;"Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93740   |   URL:http://www.securityfocus.com/bid/93740";Assigned (20160926);"None (candidate not yet proposed)"; | ||||||
| 5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93720   |   URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; | 5.7.13;5;7;13;CVE-2016-8289;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93720   |   URL:http://www.securityfocus.com/bid/93720";Assigned (20160926);"None (candidate not yet proposed)"; | ||||||
| 5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93733   |   URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; | 5.7.13;5;7;13;CVE-2016-8290;Candidate;"Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema; a different vulnerability than CVE-2016-5633.";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html   |   GENTOO:GLSA-201701-01   |   URL:https://security.gentoo.org/glsa/201701-01   |   BID:93733   |   URL:http://www.securityfocus.com/bid/93733";Assigned (20160926);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95580   |   URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95580   |   URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95580   |   URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2016-8318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.8 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95580   |   URL:http://www.securityfocus.com/bid/95580";Assigned (20160926);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95557   |   URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95557   |   URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95557   |   URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2016-8327;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95557   |   URL:http://www.securityfocus.com/bid/95557";Assigned (20160926);"None (candidate not yet proposed)"; | ||||||
| 5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95571   |   URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.53;5;5;53;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95571   |   URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95571   |   URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95571   |   URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95571   |   URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3238;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95571   |   URL:http://www.securityfocus.com/bid/95571";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95538   |   URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.53;5;5;53;CVE-2017-3243;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95538   |   URL:http://www.securityfocus.com/bid/95538";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95565   |   URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.53;5;5;53;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95565   |   URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95565   |   URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95565   |   URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95565   |   URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3244;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95565   |   URL:http://www.securityfocus.com/bid/95565";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95482   |   URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3251;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95482   |   URL:http://www.securityfocus.com/bid/95482";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95486   |   URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3256;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95486   |   URL:http://www.securityfocus.com/bid/95486";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95589   |   URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95589   |   URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95589   |   URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3257;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95589   |   URL:http://www.securityfocus.com/bid/95589";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95560   |   URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.53;5;5;53;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95560   |   URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95560   |   URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95560   |   URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95560   |   URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3258;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95560   |   URL:http://www.securityfocus.com/bid/95560";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95520   |   URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.53;5;5;53;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95520   |   URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95520   |   URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95520   |   URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95520   |   URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3265;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95520   |   URL:http://www.securityfocus.com/bid/95520";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95583   |   URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95583   |   URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95583   |   URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3273;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95583   |   URL:http://www.securityfocus.com/bid/95583";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95501   |   URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.53;5;5;53;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95501   |   URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95501   |   URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95501   |   URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95501   |   URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3291;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95501   |   URL:http://www.securityfocus.com/bid/95501";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.54;5;5;54;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)   |   URL:http://www.openwall.com/lists/oss-security/2017/03/17/3   |   MISC:http://riddle.link/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97023   |   URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.54;5;5;54;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). 
NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)   |   URL:http://www.openwall.com/lists/oss-security/2017/03/17/3   |   MISC:http://riddle.link/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97023   |   URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)   |   URL:http://www.openwall.com/lists/oss-security/2017/03/17/3   |   MISC:http://riddle.link/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97023   |   URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.35;5;6;35;CVE-2017-3305;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). 
NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client; aka; ""The Riddle"".";"MLIST:[oss-security] 20170317 CVE-2017-3305 - The Riddle vulnerability in MySQL client (public disclosure)   |   URL:http://www.openwall.com/lists/oss-security/2017/03/17/3   |   MISC:http://riddle.link/   |   CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97023   |   URL:http://www.securityfocus.com/bid/97023";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97724   |   URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; | 3.1.6;3;1;6;CVE-2017-3306;Candidate;"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Supported versions that are affected are 3.1.6.8003 and earlier; 3.2.1182 and earlier and 3.3.2.1162 and earlier. Easily ""exploitable"" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Enterprise Monitor. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Enterprise Monitor; attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized creation; deletion or modification access to critical data or all MySQL Enterprise Monitor accessible data as well as unauthorized access to critical data or complete access to all MySQL Enterprise Monitor accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Enterprise Monitor. CVSS 3.0 Base Score 8.3 (Confidentiality; Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97724   |   URL:http://www.securityfocus.com/bid/97724";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
|  | @ -597,20 +597,20 @@ | ||||||
| 5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97742   |   URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.54;5;5;54;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97742   |   URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97742   |   URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.35;5;6;35;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97742   |   URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97742   |   URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.17;5;7;17;CVE-2017-3309;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server; attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97742   |   URL:http://www.securityfocus.com/bid/97742";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95491   |   URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.53;5;5;53;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95491   |   URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95491   |   URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95491   |   URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95491   |   URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3312;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality; Integrity and Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95491   |   URL:http://www.securityfocus.com/bid/95491";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95527   |   URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.53;5;5;53;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95527   |   URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95527   |   URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95527   |   URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95527   |   URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3313;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95527   |   URL:http://www.securityfocus.com/bid/95527";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95585   |   URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.53;5;5;53;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95585   |   URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95585   |   URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95585   |   URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95585   |   URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3317;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95585   |   URL:http://www.securityfocus.com/bid/95585";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95588   |   URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.53;5;5;53;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95588   |   URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95588   |   URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.34;5;6;34;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95588   |   URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95588   |   URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3318;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier; 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   GENTOO:GLSA-201702-18   |   URL:https://security.gentoo.org/glsa/201702-18   |   BID:95588   |   URL:http://www.securityfocus.com/bid/95588";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95479   |   URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3319;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95479   |   URL:http://www.securityfocus.com/bid/95479";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   BID:95470   |   URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.16;5;7;16;CVE-2017-3320;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html   |   GENTOO:GLSA-201702-17   |   URL:https://security.gentoo.org/glsa/201702-17   |   BID:95470   |   URL:http://www.securityfocus.com/bid/95470";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97763   |   URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; | 5.5.54;5;5;54;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97763   |   URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97763   |   URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; | 5.6.35;5;6;35;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97763   |   URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
| 5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97763   |   URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; | 5.7.17;5;7;17;CVE-2017-3329;Candidate;"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier; 5.6.35 and earlier and 5.7.17 and earlier. Easily ""exploitable"" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).";"CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html   |   BID:97763   |   URL:http://www.securityfocus.com/bid/97763";Assigned (20161206);"None (candidate not yet proposed)"; | ||||||
|  |  | ||||||
	
	 Jean-Marie RENOUARD
						Jean-Marie RENOUARD